General Data Protection Regulation

Introduction to the GDPR: who, what, when, why and where of the GDPR

Why should IT professionals know about GDPR? – It is law in all member countries of the European Union (EU) and in countries that work with the European Union or have customers in EU countries.

Why does the GDPR exist? – The main reason is to protect the fundamental rights of individuals, that is, the right to privacy.

Why do we need GDPR? – EU data protection law was passed in 1995, and as technology has evolved there have been many changes to data.

Who does it apply to? GDPR applies to organizations that do anything with data about people.

It applies to every organization in the EU and to all organizations that work with the EU, i.e. that offer goods and services in the EU or monitor behaviour.

Simply put, GDPR applies to all organizations, within or outside the EU, that work with people from the EU.

GDPR has 6 principles:

  1. Data uses are fair and expected
  2. Only have data that is necessary
  3. All data must be accurate.
  4. Delete when done
  5. Keep data safe
  6. Be responsible.

What is the risk of non-compliance with the GDPR?

1. Reputation – If the organization does not comply with the GDPR, people may not trust that company.

2. Fines and penalties if the GDPR is not followed – the fine could be 20 million euros or 4% of the organization’s global turnover.

3. Liability risk – people/customers who use the organization’s services can sue the organization if their data is misused or leaked.

Each country has a local data protection authority. In India there is no such authority, but data protection is covered by the IT Act (70). It is a punishable offense and the person can be sentenced to 3 years’ imprisonment or a fine of Rs 5,00,000/-.

Let’s understand GDPR in detail –

GDPR Article 1 – “This regulation establishes rules related to the protection of living human beings with respect to the processing of anything with Personal Data…”

  1. Living humans – this means “people” belonging to any geography.
  2. Processing of personal data – this means doing anything with the data, i.e. collecting, analyzing, using, recording, structuring, querying, retrieving, transmitting, or anything else.
  3. Personal data – any information related to an identified or identifiable living human being, for example a Social Security number, PAN number or driver’s license.

Three key terms in GDPR

  1. Data subjects – the people whose data it is: the people the organization works for and the people who work for it, meaning customers or employees.
  2. Data controller – the party that controls the data, that is, the information once you log in, your work and the actions you perform.
  3. Data processors – the party that processes the data; for example, when the organization uses cloud services to process the data, the processor could be AWS or any cloud provider. Both data controllers and data processors process (do anything with) personal data. Companies or the government may be controllers or data processors.

GDPR Regulation –

GDPR is divided into 2 parts:

  1. Recitals – 173 recitals
  2. Articles – 99 articles

GDPR principles in detail

1) Fair and expected – all data processing must be lawful, fair and transparent. Transparent means: when you collect data, you need to tell people what you are going to do with the data and why.

2) Fair – balancing the fundamental rights and freedoms of the person whose data it is against the rights to retain their data for other means of processing. For example, a financial website may not share personal data of individuals with other companies without the consent of those individuals.

3) Lawful – there are six reasons for processing the data:

  • Consent of the data subject
  • Contract with the data subject
  • Legal obligation: companies are obliged to share data with government authorities.
  • Vital interests.
  • Public interest / official authority: processing of your personal data such as Siebel for your financial statement.
  • Legitimate interests.

Key data protection concepts and principles: All processing must be lawful

In addition to the above principle 6, there are special categories of data that cannot be processed or that need special approval from government authorities.

The categories are:

  • Data that could allow discrimination: race, religion, political party or union membership.
  • Genetic / biometric data,
  • Health,
  • Life/sexual orientation

If the organization or person still wants to process special category data, they need another good reason, and there are 6 of these:

  • Explicit consent of the data subject
  • Employment – processing in the context of employment under the special category
  • Vital interests – health
  • Substantial public interest
  • what an organization does
  • public health special category data processing

(Disclaimer: If you are looking for specific government information on GDPR, you should consult a lawyer who can advise on GDPR.)

Innovative Technology Solutions offers GDPR training in Gurgaon, India. ITS is an Authorized Training Partner of GDPR and offers GDPR Certification in India.
