General Data Protection Regulation

Tayyaba Akhtar
Dec 1, 2020

GDPR stands for the General Data Protection Regulation. GDPR is a law that protects data privacy in the European Union. GDPR defines 6 key data collection principles, and they are:

  1. Lawfulness, fairness, and transparency is the first key data collection principle. It means that all personal data must be processed legally, fairly and in a transparent way.
  2. Purpose limitation is the second key data collection principle. It means that all personal data must be collected for clear and legal purposes and must not be processed in ways that are incompatible with those purposes.
  3. Data minimization is the third key data collection principle. It means that organizations or companies must limit the personal data they collect.
  4. Accuracy is the fourth key data collection principle. It means that all personal data must be correct and kept up to date.
  5. Storage limitation is the fifth key data collection principle. It means that organizations or companies must delete personal data when it is no longer required or needed.
  6. Integrity and confidentiality is the sixth key data collection principle. It means that organizations or companies are responsible for securing all the personal data they collect and store.

EU Privacy Laws vs. U.S. Privacy Laws:

The United States takes a different approach to data protection. Rather than defining one all-encompassing regulation such as the GDPR, it chose to enact sector-specific information security laws and regulations that work alongside state-level legislation to protect American citizens' information. So the difference between US privacy laws and EU privacy laws is that US privacy laws do not guarantee data protection, while EU privacy laws do. In the EU, an act that interferes with a person's fundamental rights is enough to give that person standing to sue; in the US, such interference does not automatically give a person a right of action. The EU and US do share one thing, called the "Privacy Shield". Privacy Shield allows your personal data to be transferred from the EU to a company in the US.

There are 4 GDPR roles described in the course, and the responsibilities of each role are:

  1. A Data Controller determines the purpose and means of processing personal data. Data controllers are also responsible for enforcing storage limitation and protecting the personal data.
  2. A Data Custodian is responsible for the protection, transport and storage of the data, and also for the technical environment and database structure. Their role is to execute new data initiatives, implement tools, and implement technical data standards.
  3. A Data Subject is a person whose personal data is being captured. The data subject's role is to correct errors in their personal data, erase their personal data, or export their personal data.
  4. A Data Protection Officer, also known as a DPO, is responsible for inspecting a company's data protection strategy. The DPO's role is to educate the company and its employees on important compliance requirements.
