In this video, Kalinda Raina explores the key concepts of the EU General Data Protection Regulation (GDPR). Learn about privacy by design, data subject rights, lawfulness of processing, and the responsibilities of controllers and processors.
- The GDPR includes nearly 100 different provisions directing companies on how to collect, manage, and process personal data while outlining key data rights for EU citizens. In the world of big data and interconnected technology, the GDPR provides a way to think about data privacy which many other regions, including Asia and Latin America, are using as a basis for their own data privacy laws. It's therefore important to have a working knowledge of the GDPR, as many of its core principles will likely govern the way even countries outside of the EU think about data protection.
It will also influence customer expectations for data protection globally. So you might be asking, what does the GDPR say? Well, in essence, it breaks down to four key concepts. Is your company lawfully processing personal data? Are you honoring your users' data subject rights? Are you meeting your company's obligations as a data controller or data processor? And are you designing privacy into your products? In addition to these four tenets, I want to highlight a few significant changes GDPR will bring about.
First, many companies will be required to appoint a data protection officer, or DPO. This is an individual who has independent authority to oversee a company's compliance with GDPR. Additionally, the GDPR will provide protections for children under 16 by requiring parental consent before a child's personal data can be collected by a company. If your organization collects or processes the personal data of EU children under 16, this is an issue you will need to look into. The age for parental consent does vary across EU countries and can be set as low as 13.
Another substantive impact is the amount of time that companies have to respond to a data breach. The GDPR mandates reporting data breaches to an EU regulator within 72 hours. That's just three days from learning of an incident. This means companies need clear escalation paths to their security and legal departments when a breach occurs. So as you can see, there's a lot to consider when dealing with the GDPR.
DISCLAIMER: Neither LinkedIn nor the instructor represents you, and they are not giving legal advice. The information conveyed through this course is not intended to give legal advice, but instead to communicate information to help viewers understand the basics of the topic presented. Certain concepts may not apply in all countries. The views (and legal interpretations) presented in this course do not necessarily represent the views of LinkedIn or Lynda.com.