GDPR Basics - General Data Protection Regulation

  2. DALLASVICKY - / 402 Finalized and agreed in 2016. Will be fully enforced in May 2018. The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU).
  3. It’s about you. About us! The overall goal of the GDPR is to ensure that individuals have more control over the use of their personal data, and to have more oversight on the processing of that data by companies. The right of an individual to have their information deleted by a company, and the requirement of a company to reply to complaints of safety violations within 45 days are probably the two biggest changes in the regulations for individuals.
  6. Personal Data Belongs To the Individual. Give Consent. Safe Harbor Framework: Safe Harbor is the name of an agreement between the United States Department of Commerce and the European Union that regulated the way that U.S. companies could export and handle the personal data of European citizens. New Directive Passed: Telephone & Internet Companies To Retain Data (trace location / serious crimes). Reconsider Laws. Safe Harbor Framework Determined to be invalid. NEW GDPR To Replace 1995 Directive. Replace Safe Harbor Framework. DEADLINE
  7. Time is running out… May 25th 2018
  12. Natural Person = a living individual. Personal Data = any information relating to an identified or identifiable natural person (data subject).
  13. Personal Data = any information relating to an identified or identifiable natural person (data subject): name, identification number, location data, an online identifier or any factor specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
  14. Processing = any operation or set of operations performed on personal data: collection, storage, recording, alteration, retrieval, use, erasure or extraction. The term "processing" is very broad. It essentially means anything that is done to, or with, personal data (including simply collecting, storing or deleting those data). This definition is significant because it clarifies the fact that EU data protection law is likely to apply wherever an organisation does anything that involves or affects personal data.
  15. Controller “means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data”
  16. Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller
  17. Consent of the data subject means: "any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her". It signifies agreement to the processing of personal data. It must be “by a statement or by a clear affirmative action”.
  19. Lawfulness, fairness and transparency: Personal data shall be processed lawfully, fairly and in a transparent manner in relation to the data subject. Purpose limitation: Personal data shall be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes. Data minimisation: Personal data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed. Accuracy: Personal data shall be accurate and, where necessary, kept up to date. Storage limitation: Personal data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed. Integrity and confidentiality: Personal data shall be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures. Accountability: The controller shall be responsible for, and be able to demonstrate compliance with the GDPR.
  20. YOU HAVE THE RIGHT…. not to remain silent. :)
  21. Right to be informed. The right to be informed encompasses your obligation to provide ‘fair processing information’, typically through a privacy notice. It emphasises the need for transparency over how you use personal data.
  22. Right of Access. Individuals have the right to access their personal data and supplementary information. The right of access allows individuals to be aware of and verify the lawfulness of the processing.
  23. Right to rectification. The GDPR gives individuals the right to have personal data rectified. Personal data can be rectified if it is inaccurate or incomplete
  24. Right to Erasure. The right to erasure is also known as ‘the right to be forgotten’. The broad principle underpinning this right is to enable an individual to request the deletion or removal of personal data where there is no compelling reason for its continued processing.
  25. Right to Restrict Processing. Individuals have a right to ‘block’ or suppress processing of personal data. When processing is restricted, you are permitted to store the personal data, but not further process it. You can retain just enough information about the individual to ensure that the restriction is respected in future.
  26. Right to Data Portability. The right to data portability allows individuals to obtain and reuse their personal data for their own purposes across different services. It allows them to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without hindrance to usability.
  27. Right to Object. Individuals have the right to object to: processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling); direct marketing (including profiling); and processing for purposes of scientific/historical research and statistics.
  28. Rights related to automated decision making including profiling. The GDPR provides safeguards for individuals against the risk that a potentially damaging decision is taken without human intervention. Identify whether any of your processing operations constitute automated decision making and consider whether you need to update your procedures to deal with the requirements of the GDPR.
  30. DPO: A data protection officer (DPO) is an enterprise security leadership role required by the General Data Protection Regulation (GDPR). Data protection officers are responsible for overseeing data protection strategy and implementation to ensure compliance with GDPR requirements. Companies have the option of hiring a full-time DPO, or contracting one out.
  31. Educating… …the company and employees on important compliance requirements
  32. Training… …staff involved in data processing
  33. Conducting audits… …to ensure compliance and address potential issues proactively
  34. Serving… …as the point of contact between the company and GDPR Supervisory Authorities. Monitoring performance and providing advice on the impact of data protection efforts
  35. Maintaining… …comprehensive records of all data processing activities conducted by the company, including the purpose of all processing activities, which must be made public on request
  36. Interfacing… …with data subjects to inform them about how their data is being used, their rights to have their personal data erased, and what measures the company has put in place to protect their personal information
  38. How to Prepare…