An Overall vision of General Data Protection Regulation (GDPR) - PowerPoint PPT Presentation

About This Presentation



The General Data Protection Regulation (GDPR) requires businesses to protect European Union (EU) citizens’ data in any transaction within the EU member states. Organizations doing business in Europe must adhere to this set of regulations. Organizations that fail to comply face considerable fines, legal proceedings, and reputational damage.



Transcript and Presenter's Notes

An Overall vision of General Data Protection Regulation (GDPR)

In this article, we discuss what you need to know about the GDPR to stay compliant.

What is GDPR?

GDPR stands for General Data Protection Regulation. It is a set of regulations adopted by the European Union Parliament in 2016 that binds organizations to protect the personal data and privacy of citizens of the European Union. GDPR regulates the transfer of personal data within and outside of the European Union member countries. It ensures that organizations adhere to the regulation's guidelines, keeping customers' privacy as their topmost priority. If an organization fails to stay compliant with the GDPR, it has to pay a considerable fine, and it also loses reputational value and the trust of its customers.

GDPR defines six core principles that lie at the heart of the regulation. Organizations are obliged to follow these principles while collecting, processing, and transmitting customers' data.
  • Lawfulness, fairness, and transparency: The first principle of GDPR states that organizations should always adhere to the law. Organizations must state in their privacy policy what data they are collecting and for what
  • Purpose limitation: Data should be collected only for specific purposes. Organizations need to state the objectives behind collecting data and delete it once the purpose has been achieved.
  • Data minimization: Organizations must not collect unnecessary or irrelevant data. They are allowed to collect, process, or hold only the minimum amount of data required to fulfill their stated purposes.
  • Accuracy: Organizations must take the necessary steps to ensure that personal information is accurate and not misleading. Any misleading or incorrect information should be erased as soon as
  • Storage limitation: Organizations must not store personal data for longer than necessary. Data should be reviewed frequently and erased once it is no longer required.
  • Integrity and confidentiality: This principle ensures that organizations take adequate measures to protect consumers' data and privacy. It is also known as the security principle.
Why is GDPR important?

Europe was already aware of the importance of data privacy long before the emergence of the internet, and it therefore implemented the Data Protection Directive in 1995. GDPR came into force on 25 May 2018, replacing the outdated Data Protection Directive. Recent years have witnessed several high-profile data breach incidents, and GDPR came into existence due to rising privacy concerns: a majority of consumers feared the loss of their financial data and security information. The GDPR protects the rights of European Union citizens and enables them to keep track of what data an organization is storing, for what purpose, and who can access it.
Data security and privacy protection play a vital role in the success of an organization. Information security deals with protecting sensitive information from unauthorized access. Organizations should therefore employ security measures and controls to manage and mitigate the risks associated with data breaches and to comply with the requirements of GDPR. If organizations fail to comply with the GDPR, they face heavy penalties that can reach up to 2% of the organization's annual turnover. For more severe violations, the penalties can reach 4% of the organization's yearly revenue.
What type of personal data does GDPR protect?

Any data that can be used to identify an individual (a natural person) is called personal data. Personal data protected by GDPR includes:
  • Basic information about a natural person (such as name, ID numbers, and residential
  • Web data (IP address, location, cookie data, IoT-related identifiers)
  • Genetic data and health data (such as past and current medical history)
  • Biometric data (fingerprints, facial recognition), racial or ethnic data, and data related to political opinions or sexual orientation
Does the GDPR affect organizations operating outside the EU?

The GDPR protects the privacy and personal data of EU citizens. Any organization handling EU citizens' data, whether it is located within the EU member states or outside them, has to abide by the GDPR. The GDPR also applies to companies located in the EU even if their data is stored or processed outside the EU.

The GDPR applies to organizations outside the EU in the following situations:
  • The internet has enabled organizations to deliver their services to distant places all across the globe. If an organization is located outside the European Union but offers goods and services to EU citizens, the organization is subject to the GDPR.
  • If an organization monitors the online behavior of EU citizens, for example by using tools to track the cookies and IP addresses of users who visit its website, the organization falls under the scope of the GDPR.
The impact of GDPR on businesses

The GDPR has given more power to consumers. It has changed many things for organizations, affecting third-party vendors, marketing activities, and the functions of sales teams. GDPR has a beneficial impact on risk management, governance, data security, and system security.

The EU's regulation has influenced businesses in the following ways:
  • The enforcement of GDPR has raised data privacy and security standards. It has motivated organizations to establish and improve security measures to mitigate the risk of potential data breaches.
  • GDPR has resulted in the standardization of data protection. Once an organization is compliant with GDPR, it can carry out its operations in any EU member state without dealing with separate data protection legislation for each state.
  • A data breach incident can cause an organization huge reputational damage and loss of customer trust. Organizations committed to securing customers' privacy in order to stay compliant with GDPR also earn customers' trust and maintain a better customer
  • According to a survey conducted by the Department for Digital, Culture, Media and Sport (DCMS) in the UK, GDPR has had a major influence on financial services, arts and entertainment, retail, the education sector, the health sector, public administration, and the defense sector.

Final words

Enforcement of the EU's General Data Protection Regulation (GDPR) has put consumers in the driver's seat. Organizations have to inform consumers about their rights. The GDPR has encouraged organizations to change their existing policies and protocols and to strengthen their data security measures to prevent data breach incidents. It has also inspired other countries and regions worldwide to introduce data protection laws or reform their existing ones.

Train with InfosecTrain

InfosecTrain offers the PECB Certified GDPR Foundation training course, which allows participants to understand data privacy laws and become familiar with the role of a Data Protection Officer (DPO). The certified GDPR training program aims to provide candidates with the necessary skillset to enforce the data protection framework decisively, facilitate data access and storage, and mitigate the data breach
About InfosecTrain
  • Established in 2016, we are one of the finest Security and Technology Training and Consulting
  • Wide range of professional training programs, certifications and consulting services in the IT and Cyber Security domain
  • High-quality technical services, certifications or customized training programs curated by professionals with over 15 years of combined experience in the domain
Our Endorsements
Why InfosecTrain
Global Learning Partners
Access to the recorded sessions
Certified and Experienced Instructors
Flexible modes of Training
Tailor Made Training
Post training completion
Our Trusted Clients
Contact us
Get your workforce reskilled by our certified and experienced instructors!
IND 1800-843-7890 (Toll Free) / US +1 657-221-1127 / UK +44 7451 208413