This video is really aimed at students of information security.
I thought it might be interesting to draw out some of the security concepts that underlie GDPR and highlight them, so that you can see how they are used in drawing up the regulations and the thinking behind them.
GDPR explicitly draws on a number of security concepts.
Security by design, meaning that we build security considerations into data protection from the start, rather than adding them on as an afterthought.
As we'll see later, there are data protection impact assessments that will now need to be carried out at the start of any new project that involves personal data, to ensure appropriate protections are in place and that the supervisory authority is notified if required.
Security by default, meaning that IT software, networks, databases, websites, et cetera, are set to secure settings by default before they come into production, and that user privacy settings are compliant with the law rather than requiring user intervention to make their data secure.
Confidentiality, integrity and availability.
We see confidentiality as a requirement through the use of encryption and pseudonymization,
pseudonymization being the processing of personal data such that it cannot be attributed to a specific individual without the use of additional information.
The importance of this is that if we do have a data breach, and the data is stored such that the details we hold about individuals are separate from their identity and the data was encrypted,
we should have a secure breach.
We have integrity requirements around keeping data accurate and up to date, and data subjects having the right to review, amend and have their personal data erased, known as the right to be forgotten.
And we have availability requirements,
where we are required to stop the unauthorized access of, changing of, or deletion of personal data, or its miscategorization or mislabeling.
It is particularly important that special categories of highly sensitive personal data are recognized as such, as they receive special protection and increased penalties for misuse under the GDPR.
Data minimization, which means limiting the amount of data processed and stored to that required by the purpose of the processing.
Security over technology.
GDPR is technology neutral. It is concerned with the end,
that being processing carried out in a secure, legitimate, fair and transparent manner, rather than the means. The technology and processes are down to each company or organization to decide.
It is expected that organizations will follow best practice within their industry. That's the industry certifications. These things evolve.
It is a requirement that the data controller shall be able to show compliance with GDPR.
In the next video, we'll be looking at the security of processing.
In the meantime, thanks for watching.