GDPR Made Simple

December 28, 2017


Anyone who is not involved in the world of Information Security could be forgiven for not having heard about GDPR (the General Data Protection Regulation), but if you are in this field you are more likely to have heard about it and wondered how it will affect practices in your role and across the business.

I will attempt to keep this as simple as possible, but most of what is in GDPR is best practice. Back in the 90s the EU stated that all members must have data protection laws on the handling of personal data, and the UK created the DPA (the Data Protection Act 1998). GDPR standardises all of the member nations' different rules into one.

As of 25 May 2018 these are the new rules that come into effect:

Privacy by Design

Privacy by Design (PbD) has been a part of EU data regulations for a while, but under this new law it is all about minimising the collection and retention of data and ensuring that consumers consent to their data being stored and processed.

Impact Assessments

Companies have to know exactly where all the data on their networks is located, and all data needs to be classified so the company can tell what kind of data has been breached. Companies will also need to show how the data is monitored and run an analysis of the risks to their data subjects' privacy and what impact this may have.

Right to be Forgotten

Consumers have always been able to ask that their data be deleted and that companies no longer contact them. GDPR now extends this right to include data published on the web: the right to stay out of public view and be forgotten.

Data Leaks

A new requirement of GDPR is that companies will have to notify the data protection authorities of a data breach or leak within 72 hours of it being discovered. The data subjects will also have to be notified, but only if the breach poses a high risk to their rights, privacy and freedoms.

I know what you’re thinking at this point.

“But the UK voted to leave the EU (Brexit), so we don’t need to worry about this now as we are leaving the European Union.”

Well, you would be wrong. GDPR states that even if a company does not have a presence in the EU but collects information on people or trades with the EU, then it must meet its requirements. Therefore this law will apply to businesses outside the EU too.

“But if we are outside the EU, how can they enforce this?”

Well, the GDPR has a serious penalty structure that could lead to fines of up to €20 million or 4% of global annual turnover for the previous financial year. That should be serious enough to make you take note if you want to continue to trade with the EU.

I hope this helps simplify GDPR, but if you have any questions just leave them below in the comments.
