Considered one of the world's strictest privacy and security laws, the GDPR (General Data Protection Regulation) is a European Union regulation that came into effect on 25 May 2018. What is significant about the GDPR is its extraterritorial reach: even if your company is not established in the European Union, you are obliged to comply if you offer goods or services to, or monitor the behaviour of, individuals in the EU. If a company violates the GDPR, the data subjects (the customers or site visitors whose data is being processed) can claim compensation for the damage they suffered, and the supervisory authority can impose an administrative fine of up to 4% of the company's annual worldwide turnover or 20 million euros, whichever is higher.
In the legal terms defined by the GDPR:
Data subject is the identified or identifiable natural person to whom the personal data relates.
Personal data is any information that relates to an individual who can be directly or indirectly identified. This includes names and email addresses as well as religious beliefs, biometric data, gender, location data, online identifiers such as IP addresses, etc.
Data processing is any manual or automated operation performed on personal data (collecting, recording, organising, storing, retrieving, disclosing, erasing, etc.).
Data controller is the person or organisation that determines why and how the personal data is processed.
Data processor is a third party, such as a cloud or email service provider, that processes personal data on behalf of the data controller.
There are 7 data protection principles in the GDPR:
1. Lawfulness, Fairness, and Transparency
Personal data must be processed lawfully, fairly, and in a transparent manner in relation to the data subject.
2. Purpose Limitation
Data must be collected for specified, explicit and legitimate purposes that are communicated to the data subject, and must not be further processed in a way that is incompatible with those purposes.
3. Data Minimization
Only data that is adequate, relevant and limited to what is strictly necessary for the specified purpose should be collected.
4. Accuracy
Data should be accurate and, where necessary, kept up to date; inaccurate data should be erased or rectified without delay.
5. Storage Limitation
Data should be kept in a form that permits identification of the data subject for no longer than is necessary for the specified purpose.
6. Integrity and Confidentiality
Data must be processed in a manner that ensures appropriate security, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical and organisational measures.
7. Accountability
The data controller is responsible for compliance with the above principles and must be able to demonstrate that compliance.
There are 8 fundamental rights that protect the data subject's privacy in the GDPR:
1. The right to be informed
The data subject has the right to know what personal data is being collected, how it is used and shared, how long it is retained, and the lawful basis that applies to the processing.
2. The right of access
The data subject can obtain a copy of the personal data held about them, so they can check how it is being processed and whether the processing is lawful.
3. The right to rectification
The data subject has the right to have their data corrected if it is inaccurate or completed if it is incomplete.
4. The right to erasure
The data subject can request that their personal data be deleted; this right applies only under certain conditions, for example when the data is no longer necessary for the purpose it was collected for or when the data subject withdraws consent.
5. The right to restrict processing
The data subject has the right to request that processing of their personal data be restricted in certain circumstances (the data may still be stored, but not otherwise used).
6. The right to data portability
The data subject has the right to receive their personal data in a structured, commonly used and machine-readable format and to transmit it to another controller, which makes it possible to move data from one IT environment to another.
7. The right to object
In certain circumstances (for example, processing based on legitimate interests or for direct marketing), data subjects can object to the processing of their personal data.
8. Rights related to automated decision making and profiling
When a decision is based solely on automated processing, including profiling, and has a legal or similarly significant effect on the data subject, they have the right to obtain human intervention, to express their point of view and to challenge the decision.
The data controller must be able to demonstrate that they are GDPR compliant. Appointing a Data Protection Officer (DPO) is always possible, and it is mandatory in the following circumstances:
- You are a public authority or body (except for courts acting in their judicial capacity)
- Your core activities require regular and systematic monitoring of individuals on a large scale
- Your core activities consist of large-scale processing of special categories of data (for example, health or biometric data) or of data relating to criminal convictions and offences.
Another important point is that, after becoming aware of a personal data breach, the controller has only 72 hours to notify the competent supervisory authority (unless the breach is unlikely to result in a risk to individuals), and must also inform the affected data subjects without undue delay when the breach is likely to result in a high risk to them; failing to do so can lead to penalties. Before processing personal data, one of the following lawful bases must be determined:
- Unambiguous consent from the data subject
- Performance of a contract with the data subject, or steps taken at their request prior to entering into a contract
- Compliance with a legal obligation to which the controller is subject
- Protection of someone's vital interests, i.e. to save a life
- Performance of a task carried out in the public interest or in the exercise of official authority
- The legitimate interests of the controller or a third party, provided these are not overridden by the interests and rights of the data subject.
Even though the GDPR brings some restrictions to a variety of industries, in the long term it provides strong protection for customer data. Furthermore, it gives companies that comply with it solid legal ground in case of a data breach or other cyber attack, since they can demonstrate that appropriate measures were in place.
References
https://gdpr-info.eu/