General Data Protection Regulation

This regulation was created by the European Parliament and the Council of the European Union, became effective in May 2018 and is recognized as a significant achievement in data protection law. It sets strict rules on how organizations handle, process and secure the personal data of individuals in the EEA. It applies worldwide to any entity offering goods or services to, or monitoring the behavior of, EU residents.

Why GDPR?

GDPR is important because it protects people and sets clear rules for how data is used, especially in a world where personal data is constantly collected.

Lawfulness, Fairness and Transparency: Personal data must be processed lawfully, fairly and transparently with respect to the data subject.

Purpose Limitation: Data must be collected for specified, explicit and legitimate purposes and not further processed in a manner incompatible with those purposes.

Data Minimization: Only data necessary for the intended purpose should be collected and processed.

Accuracy: Personal data must be accurate and kept up to date; inaccurate data should be erased or rectified without delay.

Integrity and Confidentiality: Data must be processed securely to protect against unauthorized or unlawful processing and against accidental loss, destruction or damage.

Accountability: Data controllers are responsible for, and must be able to demonstrate, compliance with these principles.

Data Subject Rights: These include the rights to access, rectification, erasure (the right to be forgotten), restriction of processing, data portability and objection to processing.

Consent: Must be freely given, specific, informed and unambiguous, expressed by a clear affirmative action.

Data Protection Impact Assessment (DPIA): Required for processing that is likely to result in a high risk to individuals' rights and freedoms.

Data Breach Notification: Controllers must notify supervisory authorities within 72 hours of a data breach and communicate it to affected individuals if there is a high risk.

Data Protection Officer (DPO): Appointment is mandatory for certain organizations processing sensitive data at large scale or monitoring individuals systematically.

Cross-border Data Transfers: Restrictions apply to transferring personal data outside the EU unless adequate protection is ensured.

The GDPR Enforcement Tracker (a list of GDPR fines) is useful for several reasons.
