
DECODING THE GENERAL DATA PROTECTION REGULATION

GDPR comes into effect soon, and many data stewards are still trying to decode the new data protection law. The first step in making sure you are GDPR-ready is understanding the different definitions in play. This terminology cheat sheet can help you unravel the new privacy regulation one term at a time.

GDPR BUSINESS IMPACTS: ARE YOU READY?

Comes into effect: MAY 25, 2018

Fines for non-compliance: up to €20 million or 4% of annual global revenue, whichever is higher.

67% of surveyed companies recognize the need to comply with GDPR, yet 47% don't have a plan to be compliant by the deadline.

92% of US companies say GDPR compliance is their number one data protection priority.

24% of UK companies stopped preparing for GDPR following Brexit.

GDPR TERMINOLOGY CHEAT SHEET

For more information on preparing for GDPR, watch this free webinar from Tealium and ObservePoint: GDPR: Tactical Steps You Must Take to Ensure Compliance.


KEY TERMS TO KNOW

CONSENT

• Must be given in an intelligible and easily accessible form, with the purpose for data processing attached to that consent.

• Must be clear and distinguishable from other matters and provided in an intelligible and easily accessible form, using clear and plain language.

• Must be as easy to withdraw as it is to give.

DATA BREACHES

• Breaches must be reported to the supervisory authority within 72 hours of the organization becoming aware of them, unless the breach is unlikely to result in a risk to the rights and freedoms of the individuals affected.

• A data processor that discovers a breach must notify the data controller without undue delay; the 72-hour clock applies to the controller.

• The regulator must also be informed of the "effective, proportionate and dissuasive" measures taken or proposed to address the breach and/or mitigate its effects.

• If the breach is likely to result in a high risk to the affected individuals, the organization responsible must notify them without undue delay.

CROSS-BORDER DATA TRANSFERS

GDPR extends the Data Protection Directive's rules on cross-border data transfer: personal data may be transferred out of the EU only to countries found to provide an adequate level of data protection, or under appropriate safeguards adopted by the company, such as binding corporate rules.

DATA CONTROLLER

A data controller is the entity (either an individual or a company) responsible for determining why and how personal data is used or will be used.

DATA PROCESSOR

A data processor is the entity that processes or stores data on behalf of the data controller. The data processor is a separate organization, not an employee of the data controller, and must be bound by a written contract with the controller. This means cloud-based data collection and storage must also be compliant.

DATA PORTABILITY

The right of a data subject (consumer) to receive the personal data they have provided to a company in a structured, commonly used, machine-readable format, and to transmit that data to another controller.

DATA PROTECTION OFFICER (not required for all organizations)

• Must be appointed on the basis of professional qualities and, in particular, expert knowledge of data protection law and practices.

• May be a staff member or an external service provider.

• Contact details must be provided to the relevant data protection authority (DPA).

• Must be provided with appropriate resources to carry out their tasks and maintain their expert knowledge.

• Must report directly to the highest level of management.

• Must not carry out any other tasks that could result in a conflict of interest.

DATA PROFILING

Making automated decisions, for marketing or otherwise, based on data used to evaluate or predict a person's characteristics, such as "that person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements."

PSEUDONYMIZATION

The process of separating personal identifiers from linked data sets, so that the remaining data can no longer be attributed to a specific person without additional information (for example a lookup table or a secret key) that is kept separately under technical and organizational controls. This gives greater security without destroying the utility of the data. Pseudonymized data is still personal data under GDPR; only fully anonymized data falls outside its scope.
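To make the distinction concrete, the following Python example (added here; it is not from the infographic, from Tealium or from ObservePoint) pseudonymizes two constructed data sets with a keyed token so they can still be joined for analytics, keeps the re-identification table separate from the data, and shows why an unkeyed hash of an identifier does not count as a pseudonym. The records, e-mail addresses and key are all made up for the demo.

```python
"""Pseudonymization with a keyed token, plus the unkeyed-hash pitfall.

Added example for this cheat sheet, not code from the original page.
All records, e-mail addresses and the key below are constructed for the demo.
"""
import hashlib
import hmac
import secrets

# Constructed sample data: identifiers linked to attributes we still want to analyse.
CUSTOMERS = [
    {"email": "ana@example.com", "name": "Ana Costa", "plan": "pro", "country": "PT"},
    {"email": "bo@example.com", "name": "Bo Lind", "plan": "free", "country": "SE"},
]
# A second constructed data set keyed by the same identifier (support tickets).
TICKETS = [
    {"email": "ana@example.com", "subject": "billing"},
    {"email": "ana@example.com", "subject": "login"},
    {"email": "bo@example.com", "subject": "export"},
]
IDENTIFIERS = ("email", "name")  # fields that directly identify a person


def pseudonym(identifier: str, key: bytes) -> str:
    """Deterministic keyed token (HMAC-SHA256, truncated for readability).

    Same identifier + same key -> same token, so joins across data sets survive;
    without the key the token cannot be recomputed from a guessed identifier.
    """
    return hmac.new(key, identifier.strip().lower().encode(), hashlib.sha256).hexdigest()[:16]


def pseudonymize(records, key: bytes, key_field: str = "email"):
    """Return (pseudonymized records, re-identification table).

    The table plus the key is the 'additional information' that must be kept
    separately from the pseudonymized data set; the output is still personal data.
    """
    out, reident = [], {}
    for rec in records:
        token = pseudonym(rec[key_field], key)
        reident[token] = {f: rec[f] for f in IDENTIFIERS if f in rec}
        out.append({"subject_id": token, **{k: v for k, v in rec.items() if k not in IDENTIFIERS}})
    return out, reident


def tickets_per_plan(pseudo_customers, pseudo_tickets):
    """Analytics on the pseudonymized sets: utility is kept because the token is a join key."""
    plan_of = {c["subject_id"]: c["plan"] for c in pseudo_customers}
    counts = {}
    for t in pseudo_tickets:
        plan = plan_of[t["subject_id"]]
        counts[plan] = counts.get(plan, 0) + 1
    return counts


def reidentify(token: str, reident: dict):
    """Only the party holding the separately stored table can attribute a token to a person."""
    return reident.get(token)


def unkeyed_hash(identifier: str) -> str:
    """What many teams wrongly call 'anonymization': a plain SHA-256 of the identifier."""
    return hashlib.sha256(identifier.strip().lower().encode()).hexdigest()


def reverse_unkeyed_hash(candidates, target_hash: str):
    """Anyone with a list of plausible identifiers can recompute an unkeyed hash and
    link the record back, so it is not a pseudonym in the GDPR sense."""
    for c in candidates:
        if unkeyed_hash(c) == target_hash:
            return c
    return None


if __name__ == "__main__":
    key = secrets.token_bytes(32)  # in practice: stored apart from the data, e.g. in a KMS/HSM
    pc, table = pseudonymize(CUSTOMERS, key)
    pt, _ = pseudonymize(TICKETS, key)
    print(pc)                                   # no email/name fields remain
    print(tickets_per_plan(pc, pt))             # {'pro': 2, 'free': 1}
    print(reidentify(pc[0]["subject_id"], table))
    print(reverse_unkeyed_hash(["x@example.com", "ana@example.com"],
                               unkeyed_hash("ana@example.com")))  # links straight back
```

The point of the keyed token rather than a bare hash is that the re-identification capability lives entirely in the key and the lookup table, which can be access-controlled and deleted independently of the analytic data set; a bare hash of an e-mail address is reversible by anyone who can enumerate candidate addresses.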

VENDOR MANAGEMENT

GDPR requires diligent vendor management: the data controller must understand how each data processor (vendor) is using the data and confirm that the usage is compliant with GDPR. Creating and maintaining accurate Data Protection Impact Assessments (DPIAs) for high-risk processing is also the controller's responsibility, and those assessments must cover the processing carried out by vendors.