GDPR


Understanding the General Data Protection Regulation (GDPR)

Overview of the GDPR

CONTENTS
• 11 chapters
• 99 articles

PRINCIPLES
• Lawfulness, fairness and transparency
• Purpose limitation
• Data minimization
• Accuracy
• Storage limitation
• Integrity and confidentiality
• Accountability

RIGHTS
• Right to Access
• Right to Rectification
• Right to Erasure
• Right to Data Portability
• Right to Object
• Right to Restrict Processing
• Right Related to Automated Decision Making and Profiling

PENALTIES
• Maximum Penalty - not exceeding 20 million euros per instance of violation
• Non-compliance with principles for processing of data
• Failure to notify data breaches
• Non-fulfilment of Controller and Processor obligations
• Non-fulfilment of monitoring body and certification body obligations
• Non-compliance with Data subjects’ rights

Key Concepts

“Personal Data”: any information relating to an identified or identifiable natural person.

“Sensitive Personal Data”: any information that relates to an individual's racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for the purpose of uniquely identifying an individual, health data, or data concerning an individual's sex life or sexual orientation.

“Data Subject”: any natural person whose personal data is collected, retained, or processed.

“Data Controller”: an individual or organization that determines the purposes for which and the way personal data is processed.

“Data Processor”: an individual or entity that processes personal data on behalf of a data controller. The data processor acts on behalf of the data controller and processes the data according to their instructions.

Territorial & Material Scope

Data Processing Principles

• Lawfulness, fairness and transparency
• Purpose limitation
• Data minimization
• Accuracy
• Storage limitation
• Integrity and confidentiality
• Accountability

Data Subject Rights

Right to Access

Right to Rectification

Right to Erasure

Right to Data Portability

Right to Object

Right to Restrict Processing

Right Related to Automated Decision Making and Profiling

Penalties for GDPR Violation

10000000, or 2% of global annual turnover for the preceding financial year
• Obligations of the Controller and the Processor (Articles: 25, 32, 33, 34, 35)
• Data breach notification (Articles: 33 and 34)
• Obligations of the monitoring body (Article 41)

20000000, or 4% of global annual turnover for the preceding financial year
• Principles for processing of data (Articles: 5, 6, 7, 8, 9, 10, 11)
• Data subjects’ rights (Articles: 12-22)
• Transfers of personal data (Articles: 44-50)

Data Privacy Do’s and Don'ts

Do
• Understand Data Privacy Laws
• Obtain Explicit Consent
• Implement Data Minimization
• Secure Personal Data

Don’t
• Avoid Ambiguous Privacy Policies
• Share Data Unnecessarily
• Use Data for Unspecified Purposes
• Assume Data is Safe

Thank You!!
