What are the aims of the GDPR?

The GDPR is designed to protect all EU citizens from privacy and data breaches.

GDPR aims to:

  • Increase privacy and extend data rights to EU citizens
  • Help EU citizens understand personal data use

The main aim, however, is to give EU citizens control over how their data is being used. Part of this law aims to prevent organisations or individuals from holding and making use of inaccurate information regarding an individual. The reason for giving control to citizens over their data use is to give the public confidence about how their data is used.

This also requires companies to keep people’s personal data safe and secure from misuse. Examples of how this information can be misused include:

  • Identity theft
  • Nuisance calls
  • Junk mail

If there are any breaches of the GDPR, they can result in severe penalties, as breaching regulations is a criminal offence.

Key GDPR terminology

We are now going to look at the key terms relating to GDPR.

Personal data – information relating to an individual (data subject) that can be used to identify the person either directly or indirectly

Processing – automated or manual action on personal data. Examples of this are the collection, usage, disclosure, retention and disposal of data

Data controller – the person who decides the reason why personal data is being processed and how it will be processed

Data processor – a third party who will process personal data on behalf of the data controller

Consent – an individual freely gives permission regarding their data. The data controller should keep records of this to demonstrate that consent was given

Data protection officer – a person who has formal responsibility for data protection compliance within a business

Data subject – the individual to which a piece of data relates

Right to be forgotten – the right to erase personal data. An individual may request the removal of personal data when there is no reason for continuing to hold it.

Summary

In this module, we have gained a basic understanding of the General Data Protection Regulation (GDPR).

The key things we have learnt are:

1) Personal data is information that identifies a living human.

2) How general data protection applies to the UK, both now and in the future, even after Brexit.

3) That the GDPR was created to expand our knowledge of data privacy, which will help keep personal data more secure.

4) The supervisory authority that regulates the GDPR in the UK is the Information Commissioner’s Office (ICO).

 

GDPR Explained 

Topics to be covered

In this second module, we will cover the following topics:

  • The history of GDPR
  • What are the key changes to the law?
  • What are the basic requirements of the law?
  • The structure of GDPR
  • Summary
  • Assessment

What are the key changes to the law?

We are now going to look at the changes that were brought forward by the update in regulations. The key changes to the law include:

Cost of fines:

A company may be fined up to €20,000,000 or 4% of its global turnover for not complying with EU regulations.

Expanding into broader reach:

The regulation has an impact on an organisation regardless of where it is based geographically, as we now do much more business online.

A single supervisory authority:

Each organisation is supervised in its own country. The supervisor will monitor the organisations worldwide. The UK’s supervisor is the Information Commissioner’s Office (ICO).

Breaching personal data: where there is a breach in the security of data which could lead to the accidental or unlawful loss, destruction or unauthorised disclosure of personal data, or to someone who is not authorised gaining access to it.

Individual consent: any consent given by an individual must be absolutely clear. When consent is withdrawn, or an objection is raised, the individual has the right to have their data erased. This is called the right to be forgotten. Data may be retained if there is a regulatory obligation to do so.

What are the basic requirements of the law?

We are now going to look at the key requirements of General Data Protection Regulation compliance. These requirements are:

Lawful, fair and transparent processing

Data processing must be for a legitimate purpose. Companies must also inform data subjects how their personal data is being used.

Limitation of purpose, data and storage

Data must be processed only for its required purpose. Only the data that is required should be collected, and it must not be kept once the processing purpose is completed.

Data subject rights

Data subjects have the right to know what information a company has about them and what it does with it. They also have the right to request a company to amend incorrect information or even erase their data.

Consent

Clear and explicit consent must be given when the data processed is being used for reasons other than its legitimate purpose. Where the data subject is less than 16 years of age, consent of the parent or guardian is required.

Personal data breaches

Organisations must keep a personal data breach register and, depending on the level of the data breach, the regulator and the data subject must be informed of this breach within 72 hours.

Privacy by design

Organisations must implement measures to ensure personal data is protected in the design of new systems and procedures.