Hello and welcome to the series of videos, Introduction to GDPR.
In these videos, I'll explain what GDPR is and some of the areas that you'll need to be aware of to ensure the organization becomes compliant with GDPR.
In this first video, I'll introduce myself and provide some background to what GDPR's aims and objectives are.
Well, my name is Angus Alderman, and, as you can see from the picture, I'm based in London, England.
I've worked in information security for over 15 years, and in that time I've run fairly large infrastructure platforms and data centers, I've managed teams, and I've had responsibility for the physical and logical security of environments.
I've also been responsible for the security processes and have been through a lot of audits.
The organizations I've worked for are a mix of international companies, mainly in the credit and payments industries.
I'm CISSP certified and a member in good standing with (ISC)², and also a member of the Institute of Information Security Professionals in the UK.
But apart from that, I like cricket.
So what is GDPR? Well, GDPR stands for the General Data Protection Regulations.
It's the European Union's update of the 1995 EU Data Protection Directive and the associated data protection acts of the EU member states.
The legislation sets out the right of EU citizens to have their data protected
and the obligations on data controllers and processors to protect that data.
So what are controllers and processors?
They are the organizations that collect and use our data. They could be online retailers who keep records of our shopping habits,
or our employers. Employers are a very good example, actually, of organizations that use personal data, because they need to establish that we are who we say we are and that we have the credentials and experience that we claim. Most importantly,
they need to pay us.
Another example is our healthcare providers, doctors and hospitals. They hold some of our most personal and sensitive data.
Now, previously, each member state implemented
the 1995 directive in their own way through national laws,
and this led to a disparity in the way that data protection was implemented and enforced across the EU.
GDPR now standardizes data protection across the EU, and it puts in place a much stronger enforcement structure
with much higher penalties for misuse of data or for data loss.
So when does this come into effect?
Well, the critical day here is gonna be the 25th of May 2018.
This will, in all likelihood, apply to the UK despite Brexit,
as the government's position is that all EU law will be added to UK law as part of the Great Repeal Bill.
This will also affect non-EU organizations that process the personal data of EU citizens.
So, the aims of GDPR.
The preamble to the legislation, or recitals, to give them their proper name,
give quite a bit of background as to why new thinking on data protection is required.
It says protection of personal data is a fundamental right and that everyone has the right to protection of personal data concerning them.
Broadly, it reinforces the right of individuals to data protection and allows them more control over their personal data, with rights to view, amend, delete or move it.
It seeks to harmonize protection across the EU,
enabling controllers and processors to work to one set of regulations.
This in itself is expected to result in over two billion euros in savings.
And it will ensure the free flow of personal data between member states
and thereby strengthen the internal market of the EU.
GDPR creates new requirements of breach notification, including having to notify the relevant supervisory authorities of data breaches within 72 hours.
It strengthens enforcement with much higher levels of fines that are intended to be effective, proportionate and dissuasive.
Now the regulations will apply to all organizations that process the personal data of EU citizens.
I think that the EU anticipates that as large multinational organizations begin to work to this standard
and impose it on their suppliers,
it is likely that these rules will become the de facto global standard for data protection
over the next few years.
So that makes it doubly relevant to have a good understanding of the direction that data protection rules will likely go in the next few years.
In the next video, I'll be looking at some of the concepts that underlie GDPR that might be of interest to students of information security.
Otherwise, you can skip ahead to the third video, which is on the security of processing.