General Data Protection Regulation Privacy Principles


Time: 12 hours 57 minutes
Difficulty: Intermediate
CEU/CPE: 13
Video Transcription

General Data Protection Regulation privacy principles. In this lesson, we want to talk about the seven GDPR privacy principles, the principle requirements, and the implication of these GDPR concepts in the Cloud.

In our last lesson, we talked about the origins of GDPR and many of the security and breach notification requirements. However, a lot of GDPR involves protecting the privacy of EU citizens. Those privacy protections are really embodied by seven privacy principles.

The first of these is notice. Notice means that individuals are informed about the personal information that a company is either gathering or creating about them.

The second one, choice, means that every individual can choose whether or not to disclose their personal information, and that a company can't decide to gather or create personal information about an individual who has not explicitly agreed to provide that information.

The third one, purpose, is fairly straightforward. Individuals need to be told how their information will be gathered, how it will be used, and whether that data will be shared with any other entity. That doesn't mean that companies can't share data that's regulated by GDPR; however, they need to disclose the purpose, and individuals need to opt in to those sharing agreements.

Access means that an individual is allowed to get copies of their information from a company. They are able to just reach out to any company that they provided their data to and ask them for a copy. Now, this is where I think many of the GDPR things get difficult. For that access to information, you really have to have information segregated down to a very granular user level, and have the ability to query and organize that information, and also keep it protected.

Integrity means that an individual must be allowed to correct any of their own information that is inaccurate. It's interesting. We always think of integrity as protecting information from unauthorized changes, either by accident or from a threat actor, but in this context, it's allowing the data subject, in the context of the GDPR language, to make changes and have control over the integrity of their information.

Security is what we would typically think about: that any entity holding an individual's information is responsible for the security of that information and liable for any breaches or unauthorized disclosures of that data.

Then the final one is enforcement: that anyone who's either collecting, processing, or creating data associated with EU citizens understands that they are subject to enforcement actions of GDPR by EU authorities.

The first ones, notice, choice and purpose, are privacy-oriented concepts that must be communicated. Any company in the Cloud has to be very conscientious about how individuals are notified about the data, what their data is, how it's going to be used, and any sharing agreements that are going on.

The access and integrity pieces are really somewhat of a challenge from a data storage perspective, of ensuring that you can provide people easy access to individual records and also allow individuals whose data is being stored in your product or your Cloud to make updates and changes.

Ultimately, there are the typical things that we think about in Cloud environments, like ensuring that security is properly done and that we have robust processes to monitor and respond if breaches occur.

Quiz question: which GDPR privacy principle allows an individual to correct their own information? Purpose, access, or integrity. If you said integrity, you're correct. Purpose refers to why the data is being collected and used, and whether it will be shared with any other organizations. Access means that an individual can request copies of their data from an organization. Integrity means that an individual can correct errors in their own information.

In summary, we talked about the seven GDPR privacy principles, the requirements for the GDPR privacy principles, and the impact that those GDPR privacy principles have in the Cloud. I'll see you in the next lesson.