What is GDPR?
The GDPR, the General Data Protection Regulation, is the European privacy regulation that has applied since May 25, 2018. Unlike the directive it replaced, it is directly applicable law across the EU (European Union) and the EEA (European Economic Area), so it harmonises privacy rules rather than being transposed separately into each member state's laws. It applies to any organisation, wherever it is established, that offers goods or services to people in the EU or stores and processes their personal data.
The GDPR itself is a vast topic. The numbering below follows the draft text, which had 11 chapters and 91 articles; the adopted regulation kept the 11 chapters but renumbered several provisions and ends at Article 99, so the final article numbers are given in brackets. Here are some of the chapters and articles that can impact security operations:
- Articles 17 and 18 [final Articles 17 and 20] – These give data subjects more control over personal data that is processed by automated means. Article 17 is the "right to erasure" (often called the right to be forgotten): a data subject can require the controller to delete their personal data under certain circumstances. Article 18 is the "right to data portability": a data subject can obtain their data in a structured, machine-readable form and move it between service providers more easily. For security operations this means erasure and export requests must actually be able to reach every copy of the data, including backups, logs and downstream systems.
- Articles 23 and 30 [final Articles 25 and 32] – These require controllers and processors to implement appropriate technical and organisational measures to protect personal data. Article 23 covers data protection by design and by default, and Article 30 covers security of processing, i.e. measures appropriate to the risk, such as pseudonymisation, encryption, and the ability to restore availability after an incident.
- Articles 31 and 32 [final Articles 33 and 34] – Data breach notification plays an important role in the GDPR. Article 31 sets the requirement for individual data breaches: the controller must notify the supervisory authority (SA) of a personal data breach within 72 hours of becoming aware of it and must provide the required details, including the nature of the breach, the likely consequences and the measures taken. Article 32 requires the controller to communicate the breach to the affected data subjects without undue delay when the breach is likely to result in a high risk to their rights and freedoms. Both timelines only work if detection, triage and escalation in the security operations centre are fast enough to establish the facts within the window.
- Article 35 [final Article 37] – This requires organisations whose processing involves special categories of data, such as genetic data, religious beliefs, health data, racial or ethnic origin, and others, to designate a data protection officer (DPO). The DPO advises the organisation on compliance with the regulation and acts as the point of contact for the supervisory authorities (SAs).
- Articles 36 and 37 [final Articles 38 and 39] – These articles set out the position of the data protection officer and the DPO's tasks in ensuring GDPR compliance, including cooperating with and reporting to the supervisory authorities and handling enquiries from data subjects.
- Article 79 [final Article 83] – This article sets the administrative penalties for non-compliance with the GDPR. Depending on the nature of the violation, fines can reach up to 4% of the violating company's total worldwide annual turnover.