1 hour 7 minutes

Video Description

For Information Security students - Some of the security principles underlying GDPR

Video Transcription

This video is really aimed at students of information security.
I thought it might be interesting to draw out some of the security concepts that underlie GDPR and highlight them, so that you can see how they are used in drawing up the regulations and the thinking behind them.
GDPR explicitly draws on a number of security concepts:
Security by design, meaning that we build security considerations into data protection from the start, rather than adding them on as an afterthought.
As we'll see later, there are data protection impact assessments that will now need to be carried out at the start of any new project that involves personal data, to ensure appropriate protections are in place and that the supervisory authority is notified if required.
Security by default,
meaning that software, networks, databases, websites, et cetera, are set to secure settings by default before they come into production, and that user privacy settings are compliant with the law rather than requiring user intervention to make their data secure.
Confidentiality, integrity and availability.
We see confidentiality as a requirement through the use of encryption and pseudonymisation,
pseudonymisation being the processing of personal data such that it cannot be attributed to a specific individual without the use of additional information.
The importance of this is that if we do have a data breach on a data store that is structured such that the details we hold about individuals are separate from their identity, and the data was encrypted,
we should have a secure breach.
We have integrity requirements around keeping data accurate and up to date, and data subjects having the right to review, amend and have their personal data erased, known as the right to be forgotten.
And we have availability requirements,
where we are required to stop the unauthorised access to, changing of or deletion of personal data, or its miscategorisation or mislabelling.
It is particularly important that special categories of highly sensitive personal data are recognised as such, as they receive special protection and increased penalties for misuse under GDPR.
Data minimisation, which means limiting the amount of data processed and stored to that required by the purpose of the processing.
Security over technology:
GDPR is technology neutral. It is concerned with the end,
that being processing carried out in a secure, legitimate, fair and transparent manner, rather than the means; the technology and processes are down to each company or organisation to decide.
It is expected that organisations will follow best practice within their industry, that is, the industry certifications; these things evolve.
Finally, accountability.
It is a requirement that the data controller shall be able to show compliance with GDPR
at all times.
In the next video, we'll be looking at the security of processing.
In the meantime, thanks for watching.
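The transcript above describes pseudonymisation as processing that separates the details held about a person from their identity, so that a breach of the working data set is a "secure breach" unless the attacker also obtains the additional information. The following is an added example written for this page, not code from the video or from the instructor: it splits a constructed set of order records into an analytics table (keyed pseudonym plus only the fields the purpose needs, which is also data minimisation) and a separately held identity table, and then shows why the pseudonym must be keyed. The choice of HMAC-SHA256 as the pseudonymisation function, the field names and the sample records are all assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets
from typing import Callable, Dict, Iterable, List, Optional, Tuple

# Constructed sample records for illustration only; these are not real people.
RECORDS: List[Dict[str, object]] = [
    {"email": "alice@example.com", "name": "Alice Example", "dob": "1985-04-12", "order_total": 120.50},
    {"email": "bob@example.com",   "name": "Bob Example",   "dob": "1990-09-30", "order_total": 42.00},
    {"email": "Alice@Example.com", "name": "Alice Example", "dob": "1985-04-12", "order_total": 15.25},
]

# Fields that directly identify a person; they must never appear in the analytics table.
DIRECT_IDENTIFIERS = {"email", "name", "dob"}


def normalise(identifier: str) -> str:
    """Canonicalise an identifier so the same person always gets the same pseudonym."""
    return identifier.strip().lower()


def pseudonym(key: bytes, identifier: str) -> str:
    """Keyed pseudonym (HMAC-SHA256, an assumption of this example). The key is the
    'additional information': without it a pseudonym cannot be linked to a person."""
    return hmac.new(key, normalise(identifier).encode("utf-8"), hashlib.sha256).hexdigest()


def unkeyed_hash(identifier: str) -> str:
    """What NOT to do: a plain hash of the identifier, shown here for comparison."""
    return hashlib.sha256(normalise(identifier).encode("utf-8")).hexdigest()


def pseudonymise(records: Iterable[Dict[str, object]], key: bytes,
                 purpose_fields: Iterable[str]) -> Tuple[List[Dict[str, object]], Dict[str, Dict[str, object]]]:
    """Split records into an analytics table (pseudonym + only the fields the processing
    purpose needs) and an identity table (pseudonym -> direct identifiers) that is
    stored and protected separately from the analytics table."""
    analytics: List[Dict[str, object]] = []
    identity: Dict[str, Dict[str, object]] = {}
    for rec in records:
        pid = pseudonym(key, str(rec["email"]))
        row: Dict[str, object] = {"subject_id": pid}
        row.update({f: rec[f] for f in purpose_fields})
        analytics.append(row)
        identity[pid] = {f: rec[f] for f in DIRECT_IDENTIFIERS}
    return analytics, identity


def contains_direct_identifiers(rows: Iterable[Dict[str, object]]) -> bool:
    """Check to run before a table is allowed to leave the protected store."""
    return any(DIRECT_IDENTIFIERS & set(row.keys()) for row in rows)


def reidentify(identity: Dict[str, Dict[str, object]], pid: str) -> Optional[Dict[str, object]]:
    """Legitimate re-identification: only possible by whoever holds the identity table."""
    return identity.get(pid)


def dictionary_attack(target: str, candidates: Iterable[str],
                      derive: Callable[[str], str]) -> Optional[str]:
    """Attacker model: guess identifiers, derive the pseudonym the same way the
    controller did, and compare. Succeeds against an unkeyed hash; fails against a
    keyed pseudonym when the attacker does not hold the key."""
    for guess in candidates:
        if hmac.compare_digest(derive(guess), target):
            return guess
    return None


if __name__ == "__main__":
    key = secrets.token_bytes(32)  # kept with the identity table, not with the analytics data
    analytics, identity = pseudonymise(RECORDS, key, ["order_total"])
    print("analytics rows leak direct identifiers:", contains_direct_identifiers(analytics))
    print("same subject across orders:", analytics[0]["subject_id"] == analytics[2]["subject_id"])
    guesses = ["carol@example.com", "bob@example.com", "alice@example.com"]
    print("unkeyed hash recovered by guessing:",
          dictionary_attack(unkeyed_hash("alice@example.com"), guesses, unkeyed_hash))
    print("keyed pseudonym recovered without key:",
          dictionary_attack(analytics[0]["subject_id"], guesses, lambda g: pseudonym(secrets.token_bytes(32), g)))
```

The design point is that a hash of an email address is not a pseudonym in the sense the transcript uses: the space of plausible identifiers is small enough to enumerate, so the "additional information" is effectively public. With a key held apart from the analytics table (or, equivalently, a random token and a lookup table), a breach of the analytics store alone does not attribute records to people, which is the outcome the transcript calls a secure breach.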

Up Next

Introduction to General Data Protection

The General Data Protection Regulation (GDPR) is the new regulation governing the processing of personal data for citizens and residents of the European Union (EU). It is a significant upgrade to existing laws and fundamentally changes the relationship between the personal data of individuals in the EU and the organisations that process it. The GDPR makes our personal data legally ours and puts significant constraints on organisations that wish to process it. The regulation includes significant and dissuasive fines for organisations that misuse personal data. This will affect any organisation globally that offers goods or services to EU citizens or residents and processes their personal data. It comes into effect in May 2018. This course will provide an overview of the regulation.

Instructed By

Angus Alderman
Information Security Officer at Boden