In this video, Mandy Huth explains Article 24 of the GDPR. Explore the primary responsibilities of a data controller, such as measures, nature, data protection, and codes of conduct.
- [Instructor] GDPR has 99 articles. Article 24 is important to understand, because it outlines the specific tasks a controller is responsible for in that role. There are four primary responsibilities outlined in Article 24. The first is to have appropriate measures in place. These are both technical measures and processes. Documenting those processes and measures can show an organization's diligence. Be sure to put in audit mechanisms to be able to show those measures as evidence.
Next is to understand the data being processed. A data mapping exercise will facilitate this. Understand what the organization has and why they have it. Additionally, understand the probability and impact of losing that data. This is to enable us to determine the appropriate measures based on the criticality of the data.
Third is to protect the data. This task is based on the nature of the data or its criticality. An organization needs to have a policy and it needs to be communicated and readily available.
Finally, the fourth responsibility is to have a code of conduct. This should also be a written policy. Additionally, it must adhere to Article 40 of the GDPR or an approved certification. Article 40 has 11 codes outlined in its tenet. A few key clauses in Article 40 are around processing, legitimate interest in the data and consideration of a data subject's rights. These four tenets are the core responsibilities of a data controller.
DISCLAIMER: Neither LinkedIn nor the instructor represents you, and they are not giving legal advice. The information conveyed through this course is not intended to give legal advice, but instead to communicate information to help viewers understand the basics of the topic presented. Certain concepts may not apply in all countries. The views (and legal interpretations) presented in this course do not necessarily represent the views of LinkedIn or Lynda.com.
- Define the objectives of GDPR relating to the personal privacy of citizens.
- Determine the responsibilities of data protection officers under GDPR.
- Identify the rights of citizens in the event of a data breach.
- Review the steps that must be taken in the event of a data breach.
- Describe the notification process in the event of a data breach.