GDPR
General Data Protection Regulation (2019).
- Toughest privacy and security law in the world.
- Imposes obligations onto organizations anywhere, if they target or collect data related to people in the EU.
- Sets keys principles regarding the FAIR and PROPER USE of information about people.
Key principles
PACMAT:
- Purpose Limitation: collect data only for a specific and legitimate purpose.
- Accountability: accountable for proving its compliance with GDPR with appropriate measures and records.
- Confidentiality (and Integrity): duty to protect personal data and to engage in the best data governance practices.
- Minimization of Data: every data must be adequate, relevant and limited to what is necessary.
- Accuracy (and Retention): cannot keep the data longer than necessary and has to check the data accuracy periodically.
- Transparency: must give an understandable and easy access to any information or communication relating to the processing of personal data.
What is personal data?
It refers to any information relating to an individual who can be identified directly or indirectly:
- From collected data
- From a combination of information about the individual, which, if cross-checked, enables their identification
Personal data consists of:
- General personal data (name, surname, address, ”…“)
- Enables the identification of an individual.
- Sensitive data (religion/beliefs, sexual orientation, health)
- Is a type of personal data that if revealed can significantly and irrevocably harm an individual by example by leaving an invidual vulnerable to discrimination or harassment.
ePrivacy directive (2022)
- Complements the GDPR.
- Regulation of various privacy-related topics mostly in relation to electronic communications within the EU.
- Sets keys principles regarding confidentiality of communications and cookies.