General Data Protection Regulation or GDPR

GDPR stands for General Data Protection Regulation. It’s the core of Europe’s digital privacy legislation. In January 2012, the European Commission set out plans for data protection reform across the European Union in order to make Europe ‘fit for the digital age’. Almost four years later, agreement was reached on what that involved and how it would be enforced.

Companies that collect data on citizens in European Union (EU) countries need to comply with strict new rules around protecting customer data.

The General Data Protection Regulation (GDPR) marks a new standard for consumer rights regarding their data, but companies will be challenged as they put systems and processes in place to maintain compliance.

GDPR

Compliance will cause some concerns and new expectations of security teams. For example, the GDPR takes a wide view of what constitutes personal identification information. Companies will need the same level of protection for things like an individual’s IP address or cookie data as they do for name, address and Social Security number.

The GDPR leaves much to interpretation. It says that companies must provide a “reasonable” level of protection for personal data, for example, but does not define what constitutes “reasonable.” This gives the GDPR governing body a lot of leeway when it comes to assessing fines for data breaches and non-compliance.

Time is running out to meet the deadline, so CSO has compiled what any business needs to know about the GDPR, along with advice for meeting its requirements. Many of the requirements do not relate directly to information security, but the processes and system changes needed to comply could affect existing security systems and protocols.

General Data Protection Regulation Compliance

Data breaches inevitably happen. Information gets lost, stolen or otherwise released into the hands of people who were never intended to see it – and those people often have malicious intent. Under the terms of GDPR, not only do organisations have to ensure that personal data is gathered legally and under strict conditions, but those who collect and manage it are obliged to protect it from misuse and exploitation, as well as to respect the rights of data owners, or face penalties for not doing so.

All organizations, from small businesses to large enterprises, must be aware of all GDPR requirements and be prepared to comply with them going forward. For many of these companies, the first step in complying with GDPR is to designate a data protection officer who will build a data protection program to meet GDPR requirements.

Once compliant, it is important to stay informed of changes to the law and enforcement methods. The BBC has a GDPR topic page covering current news stories around enforcement and other subjects.

Steps to Ensure GDPR Compliance

  1. Physically Read the GDPR: While there are sections which are difficult to decipher and feature more legal language, every person in a position to be affected by GDPR should attempt to read and understand this landmark legislation.
  2. Look to Other Organizations: Businesses all over the world are affected by GDPR, not just those in the European Union. If you, or those in your organization, still lack understanding about the needed steps to reach compliance — reach out to those who are compliant. Many businesses will likely share the steps taken to reach compliance.
  3. Pay Close Attention to Your Website: Cookies, opt-ins, data storage and more are things that can be easily set up on a website. Their compliance with GDPR is another matter entirely. While many tools used to collect and store contact data have allowed for compliance, it’s up to you to make sure you’re compliant.
  4. Pay Closer Attention to Your Data: All data in your organization must comply with GDPR if you have a presence (either digitally or physically) in the E.U. Properly map out how data enters, is stored and/or transferred, and is deleted. Knowing every route personal information can take is vital to preventing breaches and ensuring proper reporting in the event of data loss.

What types of privacy data does the GDPR protect?

  • Basic identity information such as name, address and ID numbers.
  • Web data such as location, IP address, cookie data and RFID tags.
  • Health and genetic data.
  • Biometric data.
  • Racial or ethnic data.
  • Political opinions.
  • Sexual orientation.

What comes next for GDPR and data protection?

Countries and regions around the world appear to be taking cues from GDPR by introducing or modifying data protection legislation. Countries which have signalled they’ll change their privacy laws since the introduction of GDPR include Brazil, Japan, South Korea, India and others.

Silicon Valley, California, is also set to introduce its own data privacy laws in the California Consumer Privacy Act, which comes into force as of 1st January 2020.

The legislation follows in the footsteps of GDPR by allowing individuals to have a greater say about how their personal data is used, but in many ways it doesn’t go nearly as far: there’s no set time-limit for notifying consumers about a breach and organisations won’t face fines for non-compliance.

However, the introduction of this legislation into the heart of the technology industry appears to suggest that privacy and consent are issues that could change how Silicon Valley operates.

Written By: Deepak Rathour

Reviewed By: Sayan Chatterjee
