A Brief Guide to GDPR Compliance



The European Union (EU) has a new data protection law – the General Data Protection Regulation (henceforth “the GDPR” or “the Regulation”) will replace the outdated EU Data Protection Directive (Directive 95/46/EC).

In essence, the EU is setting a new global standard concerning *privacy/data protection. In the wake of the Facebook scandal erupted in March 2018, and given the fact that the GDPR sets the bar so high, the Transatlantic Consumer Dialogue considered that “there is simply no reason for [Facebook] to provide less than the best legal standards currently available to protect the privacy of Facebook users.” (Source: “Consumer groups urge Facebook to commit to global privacy rules” by A. Morse)

Despite Brexit, the UK will enshrine GDPR standards in its Data Protection Bill. This means that the UK data protection legislation will remain in line with one of the countries in the Union. As one government study shows, however, only 38% of the British firms were aware of the GDPR just over 100 days before 25th of May. Many U.S. companies are in the same position. This writing may be of some help to those who want to run a successful business that abides by the new EU data protection law.

The figure of data controller determines the purposes and means of the processing of personal data, whereas data processor processes personal data on behalf of the controller (Art. 4(7) and Art. 4(8) of the GDPR).

Sometimes it can be difficult to determine whether a certain entity is a controller or a processor. To illustrate, Google is a data controller when it comes to its most popular ad products, including AdMob, AdSense, AdWords, DoubleClick Ad Exchange (AdX) and DoubleClick for Publishers (DFP), but it operates as a data processor with respect to consumers (Read more...)

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Dimitar Kostadinov. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/cP6BmNyY31w/