General Data Protection Regulation (GDPR)


Time
12 hours 57 minutes
Difficulty
Intermediate
CEU/CPE
13
Video Transcription
00:00
>> The General Data Protection Regulation, GDPR. In this lesson, we want to talk about the origins of GDPR, the types of information that are regulated by GDPR, and the implications of GDPR in the Cloud.

The General Data Protection Regulation was passed by the European Union in 2016. It applies to all EU member states and European Union citizens. That's a very important distinction, that GDPR really increased the amount of security requirements around data protection and privacy and ensured that EU citizens had a whole host of rights related to how their data was handled by organizations.

One important distinction in GDPR is data controllers versus processors. The EU citizen is really the data subject. Any organization that processes or stores data related to an EU citizen is a data processor and therefore required to meet the standards associated with GDPR.

In the United States this caused a lot of stir because the requirements are so strict and there are large penalties associated with failures to adhere to the GDPR requirements. I think many US companies think, well, I'm not really doing business in the European Union, or I don't really think this applies to us, but the fact that the GDPR requirements are attached to each individual citizen of a European nation is really important. I don't know if all organizations understand at such a granular level that one customer or one person using their services could invoke their requirements under GDPR.

Now how does this really apply to the Cloud? Well, the GDPR has many strict security requirements that must be adhered to. Some of the more important ones are around breach notification and penalties. Once an organization becomes aware of a security breach, they have to report it within 72 hours. There are different standards related to the types of breach. There's a risk assessment tool that evaluates the real risk and impact of the data that was disclosed. However, if you fail to notify individuals of a breach within this window, the penalties can be quite severe.

The penalty for failing to report a breach under GDPR can be 4 percent of a company's income, or it can be 4 percent of their gross or global turnover. Now there is a cap, the cap is up to $20 million, these are €20 million. However, that's still a fairly large fine. It's designed to really make companies more accountable for the protection of individuals' data on the Internet, and ensure that there are penalties for companies that aren't good stewards of data relating to European Union citizens.

This has really sparked a broader debate about whether there needs to be more regulation on insurance for protecting individuals' data in Cloud environments as well as more broadly. In the United States, some states, Texas, California, and Massachusetts, have been enacting their own data privacy and protection legislation, such as the CCPA in California.

Quiz question: which of the following is the maximum GDPR penalty? Four percent of global turnover, 4 percent of global income, or £20 million. If you said £20 million, you're correct. Now, this is a little bit of a trick question because the fine could be 4 percent of global turnover or 4 percent of global income. However, what the question wanted is the maximum penalty, which is, it could be either of those first two, up to £20 million.

In summary, we talked about the origins and importance of GDPR and the implication of GDPR in the Cloud. I'll see you in the next lesson.