IAPP CIPT – GDPR Implementation – short intro guide!

1. GDPR short overview

Hello, guys. In this lesson, we’ll start discussing about a short overview of GDPR. The General Data Protection Regulation was approved by the European Commission on 27 of April 2016 and becomes law on 25 of May 2018. It replaces the previous European Commission legislation which dealt with data protection, which was called the Data Protective Directive of 90 95. One of the major differences between the GDPR and the previous law is that the GDPR is a regulation rather than a directive. This means that it automatically becomes law in each of the countries that make up the European Union without each of these countries needing to create their own individual laws. In contrast, the previous directive supposed that each of the member states needs to have a separate Data Protection Act that needs to be passed by the relevant state legislative body to enact it.

While the emphasis is often on the rights of the data subject, when discussing the GDPR, it’s important to remember that the European Commission is also trying to make it easier for organizations to share personal data and oil the wheels of businesses within the EU European Union, so it’s not as one sided as often thought. However, there are a number of important things to realize about the GDPR before we get into the detail. Firstly, it concerns the personal data of European Union citizens wherever that data is held. This means that if your organization is not based in the European Union but has customers or suppliers or third parties within it whose data you hold, the GDPR applies to you.

Leading on from this, it means that if your organization doesn’t look after the data in the way the GDPR requires, your organization may be subject to the penalties that the regulation allows. These penalties are a step change from previous legislation, and in serious cases they are designed to hurt. Third, if you do experience a breach of personal data, you have no choice but to tell the relevant supervisory authority about it. There are some vids on that which we’ll come to later, but keeping a serious data breach to yourself is no longer an option. But the mainstay of what the GDPR is about is forcing organizations to take the protection of the personal data of European Union citizen seriously.

2. Format and Definitions

Hello, guys. In this lesson, we will discuss about the format and some sort of definitions from GDPR that you should take into consideration. So the GDPR document itself is 88 pages long and consists of two main parts recitals, 173 numbered paragraphs that lay out the principles and intentions of the Regulation. If you like, you can call it the Background and articles, the 99 sections that set out the detail of the Regulation.

This is the part that must be complied with. In terms of definitions, the Regulation provides 26 of the relevant terms, including the following, which I consider the most important to take care of personal Data means any information relating to an identified or identifiable natural person or data subject. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an Identifier. Such as a name, an ID. Number, location, data, an online ID or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that nature or person.

Processing means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure, by transmission, dissemination or otherwise making available alignment or combination, restriction, erasure or destruction.

Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data. Where the purposes and means of such processing are determined by Union or Member State low the Controller or the specific criteria for its nomination may be provided for by Union or Member State. Law processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the Controller and consent of the data. Subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action signifies agreement to the processing of Personal Data related to him or her.

3. Principles

Hi, guys. In this lesson we’ll discuss about principles. The GDPR establishes a number of principles that underpin the legislation and are outlined using the following terms one lawfulness fairness and transparency. That means keep it legal and fair. Say what you are going to do with the data in clear terms. Terms. Second purpose limitation. That means you don’t need to do more with the data than you said you would. Three data minimization don’t collect more data than you need accuracy keep it up to date and deal with inaccuracies as soon as possible. Storage limitation don’t keep the data for longer necessary integrity and confidentiality keep the data safe while you have it. And seven accountability be able to show that you are complying with the principles above. If you keep all of these principles in mind at all times, you are unlikely to fall full of out the GPR.

• Category: Uncategorized