What is GDPR?
GDPR is Europe’s new data privacy and security law. It includes hundreds of pages’ worth of new requirements for organizations around the world. This GDPR overview will help you understand the law and determine which parts of it apply to you.
GDPR stands for General Data Protection Regulation. It imposes obligations on organizations anywhere in the world. So, if your company wants to collect data from people in the EU, you have to follow the GDPR.
The GDPR defines an array of legal terms at length. Below are some of the most important ones that we refer to in this article:
Personal data — Personal data is any information that relates to an individual who can be directly or indirectly identified. Names and email addresses are obviously personal data. Location information, ethnicity, gender, biometric data, religious beliefs, web cookies, and political opinions can also be personal data. Pseudonymous data can also fall under the definition if it’s relatively easy to ID someone from it.
Data processing — Any action performed on data, whether automated or manual. The examples cited in the text include collecting, recording, organizing, structuring, storing, using, erasing… so basically anything.
Data subject — The person whose data is processed. These are your customers or site visitors.
Data controller — The person who decides why and how personal data will be processed. If you’re an owner or employee in your organization who handles data, this is you.
Data processor — A third party that processes personal data on behalf of a data controller. The GDPR has special rules for these individuals and organizations.
What are the key regulatory points of the GDPR?
Data protection principles
- If you are processing data, processing must be lawful, fair, and transparent to the data subject or individual.
- If you are processing data, you must process it only for the legitimate purposes specified explicitly to the individual when you collected it.
- You should collect and process only as much data as absolutely necessary for the purposes specified.
- You must keep personal data accurate and up to date.
- You may only store personally identifying data for as long as necessary for the specified purpose.
- Processing must be done in such a way as to ensure appropriate security, integrity, and confidentiality (e.g. by using encryption). This is where encryptgig can help you.
- The data controller is responsible for being able to demonstrate GDPR compliance with all of these principles.
Accountability
The GDPR says data controllers have to be able to demonstrate they are GDPR compliant. And this isn’t something you can do after the fact: If you think you are compliant with the GDPR but can’t show how, then you’re not GDPR compliant. Among the ways you can do this:
- Designate data protection responsibilities to your team.
- Maintain detailed documentation of the data you’re collecting, how it’s used, where it’s stored, which employee is responsible for it, etc.
- Train your staff and implement technical and organizational security measures.
- Have Data Processing Agreement contracts in place with third parties you contract to process data for you.
- Appoint a Data Protection Officer (though not all organizations need one — more on that in this article).
Data security
- Use two-factor authentication on accounts where personal data are stored.
- Use end-to-end encryption. Encryptgig can help you here.
- Staff training, adding a data privacy policy to your employee handbook, and limiting access to personal data to only those employees in your organization who need it.
- If you have a data breach, you have 72 hours to tell the data subjects or face penalties.
People’s privacy rights
You are a data controller and/or a data processor. But as a person who uses the Internet, you’re also a data subject. The GDPR recognizes a litany of new privacy rights for data subjects, which aim to give individuals more control over the data they loan to organizations. As an organization, it’s important to understand these rights to ensure you are GDPR compliant.
Below is a rundown of data subjects’ privacy rights:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision-making and profiling
Conclusion
GDPR is a huge standard in itself. But as an organization, Encryptgig can help you solve your encryption-related problems.