IAPP CIPT – GDPR Implementation – short intro guide!
1. GDPR short overview
Hello, guys. In this lesson, we’ll start with a short overview of the GDPR. The General Data Protection Regulation was approved by the European Commission on 27 April 2016 and became law on 25 May 2018. It replaces the previous European Commission legislation dealing with data protection, the Data Protection Directive of 1995. One of the major differences between the GDPR and the previous law is that the GDPR is a regulation rather than a directive. This means that it automatically becomes law in each of the countries that make up the European Union, without each of those countries needing to create its own individual law. In contrast, the previous directive required each member state to have a separate Data Protection Act, passed by the relevant state legislative body, to enact it.
While the emphasis is often on the rights of the data subject when discussing the GDPR, it’s important to remember that the European Commission is also trying to make it easier for organizations to share personal data and oil the wheels of business within the European Union, so it’s not as one-sided as often thought. However, there are a number of important things to realize about the GDPR before we get into the detail. Firstly, it concerns the personal data of European Union citizens wherever that data is held. This means that if your organization is not based in the European Union but has customers, suppliers or third parties within it whose data you hold, the GDPR applies to you.
Secondly, leading on from this, if your organization doesn’t look after the data in the way the GDPR requires, it may be subject to the penalties that the regulation allows. These penalties are a step change from previous legislation, and in serious cases they are designed to hurt. Thirdly, if you do experience a breach of personal data, you have no choice but to tell the relevant supervisory authority about it. There are some videos on that which we’ll come to later, but keeping a serious data breach to yourself is no longer an option. But the mainstay of what the GDPR is about is forcing organizations to take the protection of the personal data of European Union citizens seriously.
2. Format and Definitions
Hello, guys. In this lesson, we will discuss the format of the GDPR and some of its definitions that you should take into consideration. The GDPR document itself is 88 pages long and consists of two main parts: the recitals, 173 numbered paragraphs that lay out the principles and intentions of the Regulation (if you like, you can call them the background), and the articles, the 99 sections that set out the detail of the Regulation.
The articles are the part that must be complied with. In terms of definitions, the Regulation provides 26 of the relevant terms, including the following, which I consider the most important to take care of. Personal data means any information relating to an identified or identifiable natural person (the data subject). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law. Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller. Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
3. Principles
Hi, guys. In this lesson we’ll discuss the principles. The GDPR establishes a number of principles that underpin the legislation, and they are outlined using the following terms:
1. Lawfulness, fairness and transparency: keep it legal and fair, and say what you are going to do with the data in clear terms.
2. Purpose limitation: don’t do more with the data than you said you would.
3. Data minimisation: don’t collect more data than you need.
4. Accuracy: keep it up to date and deal with inaccuracies as soon as possible.
5. Storage limitation: don’t keep the data for longer than necessary.
6. Integrity and confidentiality: keep the data safe while you have it.
7. Accountability: be able to show that you are complying with the principles above.
If you keep all of these principles in mind at all times, you are unlikely to fall foul of the GDPR.