EU’s General Data Protection Regulation (GDPR) is created with the purpose of regulating the way the personal data of individuals is protected by organizations large and small around the world. databrackets certified privacy and security professionals can help your organization comply with GDPR requirements in the most efficient and cost-effective way.
Why Does GDPR Compliance Matter?
According to the GDPR regulation, the power over personal data will no longer be in the hands of organizations but will belong to the individuals. GDPR regulations also address the export of personal data outside the EU and EEA areas. The regulation applies if the data controller (an organization that collects data from EU residents), or processor (an organization that processes data on behalf of a data controller like cloud service providers), or the data subject (person) is based in the EU. Under certain circumstances, the regulation also applies to organizations based outside the EU if they collect or process personal data of individuals located inside the EU. The regulation does not apply to the processing of data by a person for a “purely personal or household activity and thus with no connection to a professional or commercial activity.”
Key GDPR Principles:
Art. 5 GDPRPrinciples relating to processing of personal data
(a) processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’);
Art. 6 GDPRLawfulness of processing
Processing shall be lawful only if and to the extent that at least one of the following applies:
(a) the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
Art. 7 GDPR Conditions for consent
Where processing is based on consent, the controller shall be able to demonstrate that the data subject has consented to processing of his or her personal data.
Art. 9 GDPR Processing of special categories of personal data
Processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation shall be prohibited.