WHAT IS GDPR?
GDPR stands for General Data Protection Regulation. It is an EU privacy law that takes effect on 25 May 2018 and applies directly in every member state of the European Union, including the U.K., harmonising data protection law across them.
It replaces the Data Protection Directive of 1995 (Directive 95/46/EC) and updates it for today's privacy challenges, chiefly by increasing transparency towards individuals. From 25 May 2018 the Directive and the national laws that transposed it are superseded by GDPR; as a regulation it applies without national implementing legislation, although member states may still pass laws that supplement it in the specific areas where GDPR leaves them room (for example the age at which a child can consent to online services).
WHO IS IT FOR?
All organisations established in the EU, or that have a subsidiary or other establishment in the EU, are within scope regardless of where the processing itself takes place. GDPR also applies to organisations outside the EU that process the personal data of individuals in the EU in order to offer them goods or services (paid or free) or to monitor their behaviour (for example web tracking and profiling). Note that the test is whether the data subjects are in the EU, not whether they are EU citizens.
Which parties are involved in GDPR?
Data controllers determine the purposes and the means of processing personal data.
Data processors process personal data on behalf of a controller, following the controller's documented instructions; this includes subcontractors (sub-processors), who may only be engaged with the controller's authorisation and under a written contract.
Data subjects are the identified or identifiable natural persons whose personal data is processed, in practice the people in the EU who use the goods and services offered by the data controllers.
WHAT ARE THE KEY CHANGES ?
SECURITY ACTIONS REQUIRED:
- Pseudonymisation and encryption of personal data.
- The ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services.
- The ability to restore the availability of, and access to, personal data in a timely manner after a physical or technical incident.
- A process for regularly testing, assessing and evaluating the effectiveness of the technical and organisational measures in place.
These measures (Article 32) are required "as appropriate" to the risk of the processing, so a controller or processor must be able to show that its choice of measures matches the likelihood and severity of harm to the data subjects, taking into account the state of the art and the cost of implementation.
Personal data is any information relating to an identified or identifiable natural person. It includes:
- Name, email address, postal address and ID numbers
- Online identifiers such as IP addresses, cookie data and RFID tags
- Special categories that need stronger protection: health, genetic and biometric data, racial or ethnic origin, political opinions, and sexual orientation
Supervisory authorities can impose administrative fines of up to EUR 20 million or 4% of the organisation's total worldwide annual turnover for the preceding financial year, whichever is higher, for the most serious infringements (the basic processing principles, data subjects' rights and international transfers). A lower tier of up to EUR 10 million or 2% of turnover applies to other obligations, including the security measures above; in either case the amount is set according to the nature, gravity and duration of the infringement and the steps the organisation took to limit the damage.