GDPR (General Data Protection Regulation)

What is GDPR?

It stands for General Data Protection Regulation.

GDPR aims to protect the personal data of a data subject residing in the EU(European Union) / EEA (European Economic Area).

‍

Data Object: Natural Person whose data is being used.

Data Controller: One who decides what is going to happen with that data.

Data Processor: Who processes the data at the direction of the controller.

‍

GDPR is important to understand various aspects of privacy and handling of personal data.

Organizations need to take GDPR seriously as monetary fines are huge

Tier 1: €10 million or 2% of annual global turnover whichever is high

Tier 2: €20 million or 4% of annual global turnover whichever is high

There are 8 Data Rights of GDPR – (I ARERDOA)

1. The Right to Information

2. The Right of Access

3. The Right to Rectification

4. The Right to Erasure

5. The Right to Restrict Processing

6. The Right to Data Portability

7. The Right to Object

8. The Right to Avoid Automated Processing

‍

There are 7 Data Protection Principles -

1. Lawfulness, fairness, and transparency.

2. Purpose limitation.

3. Data minimisation.

4. Accuracy.

5. Storage limitation.

6. Integrity and confidentiality (security)

7. Accountability.

What is the Supervisory Authority?

An independent public authority established by a member state.

What is DPIA?

A DPIA is a prior written assessment that describes a process designed to identify risks arising out of the processing of personal data andto minimize these risks as early as possible.

What is Data Breach Management?

72 hours notification to Supervisory Authority

Keywords:

Entry-level: GDPR principles, Data subject rights, Personal data and special categories, Data Protection Officer (DPO) role, Data breach notification

Mid-level: Data Protection Impact Assessment (DPIA), Cross-border data transfers, GDPR compliance in cloud services, Privacy by design and default, GDPR enforcement and fines