An overview of the General Data Protection Regulation
The General Data Protection Regulation (GDPR)
The GDPR is a regulatory framework approved by the European Union parliament in 2016. The regulation requires businesses to protect the personal data and privacy of European Union (EU) citizens for any transaction occurring within the EU member states. GDPR came into effect on 25th May 2018, replacing the Data Protection Directive (1995). An organization that does not abide by the regulation faces heavy fines, and may additionally face legal proceedings and significant reputational loss.
Importance of GDPR
GDPR came into effect in response to rising privacy concerns and high-profile data breach incidents over the years. Consumers fear the loss of financial data and security information. GDPR protects the rights of the citizens of the European Union, enabling them to know what data an organization stores about them and the purpose behind storing that data.
No one can deny the role that privacy protection and information security play in the success of an organization. Therefore, it is imperative for organizations to comply with the requirements of GDPR and establish security measures and controls to manage and reduce the risk of data breaches.
Types of personal data GDPR protects
The personal data about a data subject that GDPR protects includes:
· Name, ID numbers, and residential address
· IP address, location, cookie data
· Genetic data
· Health data
· Biometric data
· Racial or ethnic data
· Political opinions and sexual orientation
Types of organizations GDPR applies to
GDPR applies to all organizations handling the personal data of EU citizens. These organizations may be located within the EU member states or outside of the EU.
Organizations located outside of the EU fall under the scope of the GDPR in the following situations:
1. If the organization is situated outside of the European Union but offers goods and services to EU citizens, then it is subject to the regulations of GDPR.
2. If the organization monitors the online behavior of EU citizens, for example, if it uses tools to track the cookies and IP addresses of users who visit its website, then the organization falls under the scope of GDPR.
Closure
Implementation of the EU's General Data Protection Regulation (GDPR) has put consumers in the driver's seat. The GDPR has pushed organizations to change their existing arrangements and conventional approach, and to reinforce their information security efforts to thwart data breach incidents. It has likewise motivated other nations around the globe to make corresponding changes in their information security legislation.
Get certified with Infosec Train
Infosec Train offers a PECB certified GDPR Foundation training course to provide candidates with the essential skill set to enforce the data protection framework, support data access and storage, and mitigate data breach incidents. The training program enables participants to comprehend data privacy laws and become acquainted with the role of a Data Protection Officer (DPO).