What Your Data Protection Officer Should Know About Privacy Requirements

Data privacy suddenly got hot a few years ago when Edward Snowden made his revelations about the NSA snooping on U.S. citizens’ data. Since then, data privacy violations and misuse have become synonymous with major companies such as Facebook, Google and Equifax. The word “privacy” is now well and truly associated with the troubles surrounding online data.

Data privacy is about how the information that represents an individual online or offline is used. Privacy is about choice and data management as much as it is about the security of these data. As part of the push towards a more privacy-respectful community, there have been a number of new or updated laws and regulations on the world stage. One such law has been the EU’s General Data Protection Regulation (GDPR), which came into force on May 25, 2018.

This article will address the sorts of details of the GDPR that any self-respecting Data Protection Officer (DPO) should know about.

Getting Personal: What Is Personal Data According to the GDPR?

The GDPR offers a definition of what constitutes personal data. This definition states that personal data is any data that can be tied to an individual: name, date of birth, address and so on. The GDPR extends the definition by including behavioral data and data such as religious and political leanings. Knowing what the term “personal data” actually describes is fundamental to your DPO’s knowledge base and will dictate how compliance with GDPR relates to your business.

GDPR categorizes personal data into two types:

Personal Data (Article 4)

This is the data most companies are used to dealing with. Data such as name, address and location are typical, but personal data can also cover IP address, genetic data, and economic, cultural or physiological information.

Special Category: Sensitive Personal Data

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Susan Morrow. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/XtZglwhZ7RI/