Title: An Overall vision of General Data Protection Regulation (GDPR)
www.infosectrain.com sales_at_infosectrain.com

General Data Protection Regulation (GDPR) ensures that businesses protect European Union (EU) citizens' data for any transaction in the EU member states. Organizations doing business in Europe must adhere to this set of regulations. Organizations that fail to comply face considerable fines, legal proceedings, and reputational damage.

In this article, we discuss what you need to know about the GDPR to stay compliant.

What is GDPR?

GDPR stands for General Data Protection Regulation. It is a set of regulations, adopted by the European Union parliament in 2016, that binds organizations to protect the personal data and privacy of citizens of the European Union. GDPR regulates the transfer of personal data within and outside of the European Union member countries. It ensures that organizations adhere to the regulation's guidelines, keeping customers' privacy as their topmost priority. If any organization fails to stay compliant with the GDPR, it has to pay a considerable fine. The organization also loses reputational value and the trust of its customers.

GDPR defines six core principles that lie at its heart. Organizations are obliged to follow these principles while collecting, processing, and transmitting customers' data.

- Lawfulness, fairness, and transparency: The first principle of GDPR states that organizations should always adhere to the laws. Organizations must mention in their privacy policy what data they are collecting and for what purpose.
- Purpose limitation: Data should be collected for specific purposes. Organizations need to state the objectives behind collecting data and delete it once those objectives are achieved.
- Data minimization: Organizations should not collect unnecessary and irrelevant data. They are allowed to collect, process, or hold only the minimum amount of data required to fulfill their purposes.
- Accuracy: Organizations must take the necessary steps to ensure that personal information is accurate and not misleading. Any misleading or incorrect information should be erased as soon as it is discovered.
- Storage limitation: Organizations should not store personal data for an extended period. Data should be reviewed frequently and erased if it is no longer required.
- Integrity and confidentiality: The integrity and confidentiality principle ensures that organizations take adequate measures to protect consumers' data and privacy. This principle is also known as the security principle.

Why is GDPR important?

Europe was already aware of the importance of data privacy long before the emergence of the internet. It therefore implemented the Data Protection Directive in 1995. GDPR came into force on 25th May 2018, replacing the outdated Data Protection Directive. Recent years have witnessed some high-profile data breach incidents, and GDPR came into existence due to rising privacy concerns. A majority of consumers used to fear the loss of their financial data and security information. The GDPR protects the rights of European Union citizens and enables them to keep track of what data an organization is storing, for what purpose, and who can access it.

Data security and privacy protection play a vital role in the success of an organization. Information security deals with protecting sensitive information from unauthorized access. Organizations should therefore employ security measures and controls to manage and mitigate the risks associated with data breaches and to comply with the requirements of GDPR. Organizations that fail to comply with the GDPR face heavy penalties that can reach up to 2% of the organization's annual turnover. In the case of more severe violations, the penalties can cost 4% of an organization's yearly revenue.

What type of personal data does GDPR protect?

Any form of data that can be used to identify an individual or natural person is called personal data. Personal data protected by GDPR includes:
- Basic information about a natural person (such as name, ID numbers, and residential address)
- Web data (IP address, location, cookie data, IoT-related identifiers)
- Genetic data and health data (such as past and current medical history)
- Biometric data (fingerprints, facial recognition), racial or ethnic data, and data related to political opinions or sexual orientation

Does the GDPR affect organizations working outside the EU?

The GDPR protects the privacy and personal data of the citizens of the EU. Any organization handling EU citizens' data, irrespective of whether it is located within EU member states or outside, has to abide by GDPR regulations. GDPR applies to companies located in the EU even if their data is being stored or processed outside of the EU.

The GDPR applies to organizations outside of the EU in the following situations:
- The internet has enabled organizations to deliver their services to distant places all across the globe. If an organization is located outside of the European Union but offers goods and services to EU citizens, then the organization is subject to the GDPR.
- If an organization monitors the online behavior of EU citizens, for example by using tools to track the cookies and IP addresses of users who visit its website, then the organization falls under the scope of GDPR.

The impact of GDPR on businesses

The GDPR has assigned more power to consumers. It has changed many things for organizations, affecting third-party vendors, marketing activities, and the sales team's functions. GDPR has a beneficial impact on risk management, governance, data security, and system security.

The EU's regulation has influenced businesses in the following ways:
- The enforcement of GDPR has had an impact on data privacy and security standards. It has motivated organizations to improve and establish the best security measures to mitigate the risks of potential data breaches.
- GDPR has resulted in the standardization of data protection. Once an organization is compliant with GDPR, it can carry out its operations in any EU member state. The organization does not need to deal with data protection legislation for each state separately.
- A data breach incident can cause an organization huge reputational damage and loss of customer trust. To stay compliant with GDPR, organizations commit to securing customers' privacy, which in turn helps them earn customers' trust and maintain better customer relationships.
- According to a survey conducted by the Department for Digital, Culture, Media & Sport (DCMS) in the UK, GDPR has a major influence on financial services, arts and entertainment, retail business, the education sector, the health sector, public administration, and the defense sector.

Final words

Enforcement of the EU's General Data Protection Regulation (GDPR) has put consumers in the driver's seat. Organizations have to inform consumers about their rights. The GDPR has encouraged organizations to change their existing policies and protocols and strengthen their data security measures to prevent any possible data breach incident. It has also inspired other countries and regions worldwide to introduce or make adequate reforms in their data protection laws.

Train with InfosecTrain

InfosecTrain is offering a PECB-certified GDPR Foundation training course that allows participants to comprehend the data privacy laws and get familiar with the role of a Data Protection Officer (DPO). The certified GDPR training program aims to provide candidates with the necessary skillset to enforce the data protection framework decisively, facilitate data access and storage, and mitigate data breach incidents.

About InfosecTrain

- Established in 2016, we are one of the finest Security and Technology Training and Consulting companies
- Wide range of professional training programs, certifications, and consulting services in the IT and Cyber Security domain
- High-quality technical services, certifications, or customized training programs curated with professionals of over 15 years of combined experience in the domain

Why InfosecTrain

- Global Learning Partners
- Access to the recorded sessions
- Certified and Experienced Instructors
- Flexible modes of Training
- Tailor Made Training
- Post training completion

Contact us

Get your workforce reskilled by our certified and experienced instructors!
IND 1800-843-7890 (Toll Free) / US +1 657-221-1127 / UK +44 7451 208413
sales_at_infosectrain.com
www.infosectrain.com