You may have heard of the new General Data Protection Regulation (GDPR). This law applies to any organization, regardless of where in the world it is located, that deals with the personal information of residents living in the European Union (EU). The GDPR requires organizations to protect the privacy and security of the personal information of EU residents. To ensure compliance with the GDPR, its key principles must be recognized and enforced.
People have a right to privacy. Organizations should protect that privacy by restricting the collection and processing of individuals' personal information and by protecting that data. The privacy obligations relate to information that can identify an individual in the European Union, either on its own or in combination with other information. This information can include things like address, passport number, driving license number, financial details, biometrics, union membership, medical history, location information, or information about sexual, religious or political orientation. The regulation applies to a person, that is, a living person. Here are some of the main GDPR rules to be followed:
- Individuals' personal information must be processed legally, fairly and transparently.
- People should be told what information is collected and for what purpose.
- Personal information should be collected for explicit and legal purposes. It should not be used for other reasons that conflict with these purposes.
- Personal data should be kept and processed only as long as necessary and no longer.
- Personal information must be up-to-date and accurate.
- People have the right to a copy of their data, and in some cases they may request that their personal information no longer be used or that it be removed.
- Organizations must take appropriate security measures to protect personal information against accidental or unlawful destruction, alteration, or disclosure.
- In addition, organizations must ensure that all employees who have access to personal information are well trained in how to protect this data.
The safeguards in place to protect personal information should guarantee a level of protection appropriate to the sensitivity of the data. The greater the likelihood of the data being mishandled, the greater the effort and cost of the data protection measures should be. These measures should be regularly reviewed and updated. Documented records of the decisions and actions taken to protect privacy and security will show that the organization meets the requirements.

In addition, organizations are legally required to take the necessary measures and legal checks to protect personal information when it is transferred to third parties outside the European Union. Finally, in the event of a breach of personal information, organizations must report it within 72 hours of becoming aware of the incident. Failure to comply with the GDPR can result in a fine of up to 4% of an organization's global income, which makes the GDPR one of the rules that can be very costly.