Tuesday, June 6, 2017

GDPR – General Data Protection Regulation in 60 seconds



“Protecting the data of the people”

The EU regulation comes into force on 25th May 2018. It aims to simplify the existing laws and is an evolution of the pre-existing Data Protection Directive (DPD). The DPD was implemented separately into each national law, leading to inconsistencies between member states. GDPR provides a more consistent definition of personal data, creating a more uniform law across member states, and is designed to bring much harsher penalties for non-compliance.

Five roles are defined:
Data Subject: a citizen or resident of an EU member state; the rightful owner of the data.
Data Controller: the organisation that collects the data.
Data Processor: the organisation that processes the data on behalf of the controller.
Data Protection Officer: works independently to ensure that an entity is adhering to the GDPR regulations.
Data Protection Authority: each EU member state must have one, with the power to enforce the regulation.

Personal Data: any information relating to the data subject.

Important Principles
Consent:
Data must be given freely, i.e. the individual may refuse, and must affirm its use.
The controller must clearly explain how the data will be used.
Right of Access:
The data subject may obtain access to their data.
The data subject has the right to erasure.
Retention:
Data should only be retained when there is a compelling and valid reason.
Enforcement:
3 days to report a breach.
