GDPR: An Executive Guide To What You Need To Know
GDPR stands for "General Data Protection Regulation". It is a regulation that requires firms related to data services in EU (European Union) member states to protect the personal data and privacy of their citizens during any transactions. The European Parliament adopted this law in April 2016, and it came into effect on 25th May 2018.
GDPR: Why You Should Be Worried!
We might all have heard about tech giant Google, right? It's a company worth billions of dollars, the leader in any field related to the internet. Well, the French Data Protection Authority fined them 50 million dollars for failing to meet GDPR standards.
So, if your company is even related to any data services that include data of EU citizens or any transactions within any EU member states, then I urge you to give this a read. Not understanding this regulation could result in non-compliance. Such lawsuits could cost your company. Thus, it is high time to get a very good insight into GDPR with our help.
An Executive Guide to GDPR
The General Data Protection Regulation (GDPR) has a wide range of aspects, and it is important for you to have a basic understanding of everything going on here. In this guide, we will cover all the various aspects of GDPR and the challenges you might face.
The basic overview of the guideline we will be going through is as follows:
- GDPR Basics: Understanding The Data
- Which Companies Are Affected By GDPR?
- GDPR Principles: Key Features of 7 essential GDPR aspects
- Data Protection Requirements
- Benefits Of Data Protection
- Obligations Of Controllers And Processors Under GDPR
- Compliance Issues
- Breach of data and fines imposed
- Lawful Preparation: A Pro Guide To Easily Abide By GDPR
Coverage of all these subject matters above regarding GDPR will surely bolster your chances to keep in line with its regulations.
"We're all going to have to change what we think about data protection"
- Elizabeth Denham (Information Commissioner, UK)
Now let's move onto the details regarding these subject matters of GDPR.
GDPR Basics: Understanding The Data
To get a firm grasp of GDPR and how it works, we must try to understand its core. For that, we need a key understanding of various aspects of data: how it is processed and why there are such strict laws governing data privacy.
Existence Of GDPR:
Why enact GDPR in the first place? Well, about 59 per cent of the global population has internet access. That is about 4.5 billion people in total, each of them with a great deal of personal data of their own. If misused, all this data can do serious harm through breaches of all kinds of personal data. A person's financial assets and personal data are all in the hands of data companies.
Therefore, put simply, GDPR came as an update to the EU Data Protection Directive of 1995 for the protection of consumer data.
In this 20th century, as the whole world is going through digitization, so are most companies. And this involves data, gazillions of it. So it is only right that companies, as they get digitized, are strictly held accountable for the data they handle.
"In God we trust, all others bring data"
-W Edwards Deming
Categories Of Private Data:
It is absolutely crucial that we understand the categories that fall under private data.
- Racial Or Ethnic Origin
- Political Opinions
- Basic Identification Information: name, ID, address, etc.
- Web Data: IP address, cookie data, location, etc.
- Health, Genetic And Biometric Data.
- Sexual Orientation
Data Security Terms:
Data security is of the utmost importance at present. As the amount of data flow increases, so do the loopholes that hackers can use to breach it. Thus we must have a good understanding of data security protocols.
- Data Security prioritization.
- Undergo security system patches and updates as early as possible.
- Policy implementations and reviews need the utmost prioritization
- Educate Employees about data security measures.
- Firms must provide employees with secure and reliable data processing systems. For data file-sharing, for example, you can use MFT (Managed File Transfer) platforms.
- Basic standards for data security must be at the core of every firm's operation
A breach of data security doesn't come barging in with all guns blazing. It comes stealthily, gets into your database, takes the data it was after and goes away silently, leaving very few clues. And by the time you know, it's already too late.
So, data security is something that requires every firm's undivided attention.
Which Companies Are Affected By GDPR?
Before going any further, we ought to know which firms actually fall under the General Data Protection Regulation.
- Data processing that includes EU citizens.
- Firms processing data of EU citizens even if they are not situated amongst the EU member states
- Firms with more than 250 employees
- Firms with fewer than 250 employees may also be subject to GDPR if they process sensitive Personal Data.
GDPR Principles: Key Features of 7 essential GDPR aspects
The basis of GDPR lies within its seven important pillars. Anyone trying to assess and understand GDPR at its core needs to know these 7 pillars. A good understanding of GDPR will allow you to comply with its legislation easily.
The 7 Principles are as follows:
- Lawfulness, fairness and transparency
- Purpose limitation
- Data minimisation
- Accuracy
- Storage limitation
- Integrity and confidentiality (security)
- Accountability
We have narrowed down the data protection requirements into a few bullet points for your better understanding.
- There must be a legitimate purpose for data processing
- Maintaining Transparency for data subject rights
- Prohibit collection and processing of data outside legitimate purposes
- Clearing of data after the specified period of time
- Data subjects have the right to question the company about all matters related to their data
- Explicit consent from a data subject is necessary for any legitimate purposes.
- Firms need to maintain a Personal Data Breach Register
- Conducting a Data Protection Impact Assessment to estimate the impact of changes during a new project.
- Controllers have the obligation to ensure the protection and privacy of personal data when that data is being transferred outside the company.
- Every firm related to data processing sectors must hire a Data Protection Officer
- All employees must have concise and updated knowledge about data security measures taken by the company.
Now we turn our attention to the five key benefits we obtain due to data protection:
Obligations Of Data Controllers And Processors Under GDPR
Let's have a look at the obligations of controllers and processors at a glance:
- Data Processing Systems must have appropriate designs
- Processors should meet the legislative requirements
- The obligation to keep records with legitimacy and transparency
- Maintain Data Security at all costs
- Obligation to report data breaches within 72 hours of occurrence.
- Obligation to carry out data protection impact assessments
- Appointing Data protection officers (DPOs)
- Compliance with codes of conduct and certification
- Obligations relating to transferring data outside the EU
Compliance issues
The General Data Protection Regulation requires all businesses in the EU to ensure personal data protection. This regulation is an important one and a tough one to abide by. Non-compliance of any sort with GDPR will result in a substantial fine. Here is a short briefing on the various steps that EU companies need to take to be compliant with GDPR:
- You have to raise awareness about GDPR throughout your firm.
- Audit all personal data available.
- Constant updating of the privacy notice
- Review procedures for supporting individuals' rights
- Take legitimate and explicit measures in seeking and obtaining data
- Have documented consent of consumer when handling his private data
- Identification of the legal basis for processing all kinds of personal data
- Assess all procedures supporting subject access requests
- Establish procedures to detect, report and investigate a personal data breach within 72 hours.
- Appointing a Data Protection Officer(DPO)
Breach Of Data And Fines Imposed
"Without a systematic way to start and keep data clean, bad data will happen."
- Donato Diorio
GDPR is apparently very strictly followed, with even minor details taken into account. So if your company does not have an updated security system, it may be susceptible to cyber-attacks. The number of breaches hitting Social Security numbers increased from 17.6% in 2016 to 26.1% in 2017.
Stories of breaches you might find interesting:
In the year 2011 an employee at a large firm opened an Excel attachment labelled "2011 Recruitment Plan," and inadvertently enabled a cyberattack that ended up costing that company $66 million.
In the year 2017, a renowned corporation named Equifax faced a huge breach of personal data that added up to 143 million. The reason behind this was that they held out on a security update for two months.
The fine of 50 million dollars imposed on tech giant Google by the French court for not being able to abide by GDPR seems to be the most talked-about incident.
Types Of Data Breaches:
- Physical Breach: This includes breaches by means of laptops, computers, external hard disks, etc. Basically, any physical asset containing cardholder data, including hard-copy bills, faxes, credit card receipts, or blank checks.
- Electronic Breach: Breaches carried out by gaining access, via web servers or websites, to a system's vulnerabilities through application-level attacks.
- Skimming: This is done by the capture and recording of magnetic stripe data on the back of credit cards.
These are the 3 basic categories into which data breaches have been divided.
Lawful Preparation: A Pro Guide To Complying with GDPR
The legal basis of GDPR is a complex matter. Here are the subject matters regarding the lawful preparation of GDPR:
- Consent
- Legitimate Interest
- Performance of a contract
- Vital Interest
- Legal Requirement
- Public Requirement
"There's a lot in the GDPR you'll recognise from the current law, but make no mistake, this one's a game changer for everyone."
- Elizabeth Denham
Is your firm now ready to comply with GDPR? Well, not quite. You might need a few more insights to be set up. Subject matters such as compliance issues, obligations on controllers and lawful preparations might pose a few more problems going ahead. This is where Training Express comes into play. Their course on GDPR is the final leap you need to take to be successful at GDPR. So, why wait to get accredited by CPD?
"Data is the new oil"
-Clive Humby
Therefore, why wait? Enrol in their GDPR Training Course.
About the Author
Daniel is a professional blogger and eLearning Industry Specialist.