Time
1 hour 7 minutes
Difficulty
Beginner
CEU/CPE
3

Video Description

  • About me - What is GDPR? - The aims of GDPR - The scope of the regulations

Video Transcription

00:04
Hello and welcome to the series of videos, Introduction to GDPR.
00:08
In these videos, I'll explain what GDPR is and some of the areas that you'll need to be aware of to ensure the organization becomes compliant with GDPR.
00:17
In this first video, I'll introduce myself and provide some background to what GDPR's aims and objectives are.
00:28
So who am I?
00:30
Well, my name is Angus Alderman, and, as you can see from the picture, I'm based in London, England.
00:35
I've worked in information security for over 15 years, and in that time I've run fairly large infrastructure platforms, data centers, I've managed teams and had responsibility for the physical and logical security of environments.
00:49
I've also been responsible for the security processes and have been through a lot of audits.
00:53
The organizations I've worked for are a mix of international companies, mainly in the credit and payments industries.
00:58
I'm CISSP certified and a member in good standing with (ISC)² and also a member of the Institute of Information Security Professionals in the UK.
01:07
But apart from that, I like cricket.
01:11
So what is GDPR? Well, GDPR stands for the General Data Protection Regulations.
01:19
It's the European Union's update of the 1995 EU Data Protection Directive and the associated data protection acts of the EU member states.
01:27
The legislation sets out the right of EU citizens to have their data protected
01:32
and the obligations on data controllers and processors to protect that data.
01:37
So what are controllers and processors?
01:40
Oh, briefly,
01:41
They are the organizations that collect and use our data. They could be online retailers who keep records of our shopping habits,
01:48
to our employers. Employers are a very good example, actually, of organizations that use personal data, because they need to establish we are who we say we are, that we have the credentials and experience that we claim. Most importantly,
02:00
they need to pay us.
02:01
Another example is our healthcare providers, doctors and hospitals. They hold some of our most personal and sensitive data.
02:08
Now, previously, each member state implemented
02:13
the 1995 directive in their own way through national laws,
02:15
and this led to a disparity in the way that data protection was implemented and enforced across the EU.
02:22
GDPR now standardizes data protection across the EU, and it puts in place a much stronger enforcement structure
02:28
with much higher penalties for misuse of data or data loss.
02:32
So when does this come into effect?
02:35
Well, the critical day here is gonna be the 25th of May 2018.
02:40
This will, in all likelihood, apply to the UK despite Brexit,
02:44
as the government's position is that all EU law will be added to UK law as part of the Great Repeal Bill.
02:51
This will also affect non-EU organizations that process the personal data of EU citizens.
03:00
So, the aims of GDPR.
03:01
The preamble to the legislation, or recitals, to give them their proper name,
03:06
Give quite a bit of background as to why not think to data protection is required.
03:09
It says protection of personal data is a fundamental right and that everyone has the right to protection of personal data concerning them.
03:17
Broadly, it reinforces the right of individuals to data protection and allows them more control over their personal data, with the right to view, amend, delete or move it.
03:29
It seeks to harmonize protection across the EU,
03:32
enabling controllers and processors to work to one set of regulations.
03:37
This in itself is expected to result in over two billion euros in savings.
03:42
And it will ensure the free flow of personal data between member states
03:46
and thereby strengthen the internal market of the EU.
03:51
GDPR creates new requirements of breach notification, including having to notify the relevant supervisory authorities of data breaches within 72 hours.
04:00
It strengthens enforcement with much higher levels of fines that are intended to be effective, proportionate and dissuasive.
04:10
Now the regulations will apply to all organizations that process the personal data of EU citizens.
04:16
I think that the EU anticipates that as large multinational organizations begin to work to this standard
04:23
and impose it on their suppliers,
04:25
it is likely that these rules will become the de facto global standard for data protection
04:30
over the next few years.
04:31
So, making it doubly relevant to have a good understanding of the direction that data protection rules will likely go in the next few years.
04:39
In the next video, I'll be looking at some of the concepts that underlie GDPR that might be of interest to students of information security,
04:46
or you can skip ahead to the third video, which is on the security of processing.
04:51
Thanks for watching.

Introduction to General Data Protections

The General Data Protection Regulations (GDPR) are the new regulations governing the processing of personal data for citizens and residents in the European Union (EU). They are a significant upgrade to existing laws and fundamentally change the relationship between the personal data of individuals in the EU and the organisations that process it. The GDPR makes our personal data legally ours and puts significant constraints on organisations that wish to process it. The regulations include significant and dissuasive fines on organisations that misuse personal data. This will affect any organisation globally that offers goods or services to EU citizens or residents and processes their personal data. It comes into effect in May 2018. This course will provide an overview of those regulations.

Instructed By

Angus Alderman
Information Security Officer at Boden