Data Privacy & Protection - An Introduction to Compliance Requirements (ISC2)

The document outlines the concepts of privacy, data protection, and data privacy, emphasizing the individual's right to control personal information and the measures taken to safeguard it. It details the seven principles of GDPR, which include lawfulness, purpose limitation, data minimization, accuracy, storage limitation, integrity and confidentiality, and accountability. The distinction between data protection and information security is also highlighted, with the former focusing on personal data privacy and legal handling.

Uploaded by oink

Privacy = a person's right to solitude and autonomy over their own choices and
actions; the right of natural persons to control their own personal data (GDPR);
the right of a human individual to control the distribution of information about
him- or herself (ISC2)

Data Protection = the steps taken to protect personal information from unlawful
access, use, disclosure, or destruction. This covers the collection, storage,
processing, and transfer of personal data, while also ensuring that the data is
accurate and secure. The current concept of data protection, with its primary
focus on digital privacy and security, did not emerge until the latter half of
the 20th century; the efforts made to safeguard personally identifiable
information from loss, unauthorized access, misuse, alteration or destruction
(IAPP); the process of protecting information from unauthorized access, use,
disclosure, destruction, modification, or disruption (EDPS)

Data Privacy = the fundamental right of an individual to control their personal
information

Data Protection = the techniques and measures used to protect personal
information

*Information security covers the broader scope of protecting all information
assets, while data protection specifically pertains to the protection of the
privacy and legal aspects of handling personal data.

7 GDPR Principles
1. Lawfulness, fairness, and transparency. Personal data must be processed
lawfully, fairly, and transparently; individuals must be informed of the purposes
and legal basis for processing their data.

2. Purpose limitation. Personal data should only be collected for specific,
explicit, and legitimate purposes, and further processing should be compatible
with the original purpose. In other words, one shouldn't collect personal data
just because it might be useful in the future.

3. Data minimization. Only adequate and relevant personal data should be
collected and processed, limited to what is necessary for the intended purpose.

4. Accuracy. Personal data must be accurate and kept up to date, and measures
should be in place to rectify or erase inaccurate or incomplete data.

5. Storage limitation. Personal data should be retained for no longer than
necessary for the purpose for which it was collected, and appropriate retention
periods should be defined.

6. Integrity and confidentiality. Appropriate technical and organizational
security measures must be implemented to protect personal data against
unauthorized or unlawful processing and against accidental loss, destruction, or
damage, ensuring its integrity and confidentiality.

7. Accountability. Data controllers are responsible for, and must be able to
demonstrate, compliance with these principles, including maintaining
documentation of data processing activities, conducting data protection impact
assessments, and implementing appropriate policies and procedures.
