General Data Protection Regulation
What is the GDPR?
The General Data Protection Regulation (GDPR) was implemented by the European Union (EU) in May 2018. Its purpose is to protect the personal data of EU citizens by regulating how their data is collected, used, stored, and shared.
The Principles of Data Protection:
The GDPR is based on several principles of data protection. These principles are:
- Lawfulness, fairness, and transparency
- Purpose limitation
- Data minimization
- Storage limitation
- Integrity and confidentiality (security)
Privacy Notice:
Under the GDPR, you are required to provide individuals with a privacy notice. A privacy notice is a document that outlines how you collect, use, store, and share personal data. It should be clear, concise, and written in plain language. Your privacy notice should also include information on the individual's rights under the GDPR.
You must have a lawful basis to collect and process personal data under the GDPR. There are six lawful bases for processing personal data:
- Contractual necessity
- Legal obligation
- Vital interests
- Public interest
- Legitimate interests
Under the GDPR, individuals have several rights regarding their data. These rights are:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights concerning automated decision-making and profiling
Europe's new data privacy and security law includes hundreds of pages worth of new requirements for organizations worldwide.