In this video, Mandy Huth outlines the GDPR regulation and its creation. Explore data breach numbers, previous rules used, and the three key GDPR objectives.
- [Instructor] GDPR is a regulation created in 2016. It contains 99 articles covering basic data privacy for all European Union citizens. This regulation requires businesses to protect the personal data and privacy of EU citizens. We live in an interconnected world. In 2017, there were over 3.8 billion internet users who consumed over 44 billion gigabytes of data per day.
This data moves in microseconds. Do you remember AOL dial-up? We move so much faster. Knowing that, how does one protect their individual interests and ensure that we're safe? When looking at the European Union's privacy history, a few key events have occurred. Safe Harbor was a set of privacy principles enacted between the European Union and the United States in 2000. However, they were invalidated in 2015 because the protections were determined to not be sufficient.
Currently, many organizations are leveraging Privacy Shield agreements between them. These have privacy components in them and outline respective responsibilities. However, they are agreements versus laws. Additionally, an organization can self-certify without any regulatory oversight. GDPR is a law enacted by the European Union parliament. It is the most comprehensive privacy regulation to date. And it has the backing of all EU member states.
GDPR is the result of four years of work by the European Union parliament. And it has specific requirements regarding the transfer of data and how that data is processed. Identity is the new currency in our world. It is obvious in our world that the threat of attacks is very real. This can be seen in some statistics around breaches and records. In 2016, there were over 1,000 reported breaches.
These breaches impacted over 36 million records. In contrast, in 2017, there were over 1,200 reported data breaches. But you can see that the number of records that were impacted is materially larger than the year prior, 172 million records. Again, the threat of attacks is very real. GDPR has three primary objectives.
The first one is control. Each citizen must opt in and provide consent to how personal data is used and processed. Data subjects can revoke their consent at any time. The second objective is trust. This regulation wants to encourage long-term consumer confidence. It's mainly about safety. The last objective is simplicity. Fragmented rules and legislation led to disjointed application by many organizations.
Organizations need clear visibility, understanding, and control over the data that they process. With the simplicity, the hope is to achieve a standard approach across organizations and industries. There have been several attempts to secure data. But GDPR is the most far-reaching and comprehensive regulation to date.
DISCLAIMER: Neither LinkedIn nor the instructor represents you, and they are not giving legal advice. The information conveyed through this course is not intended to give legal advice, but instead to communicate information to help viewers understand the basics of the topic presented. Certain concepts may not apply in all countries. The views (and legal interpretations) presented in this course do not necessarily represent the views of LinkedIn or Lynda.com.
- Define the objectives of GDPR relating to the personal privacy of citizens.
- Determine the responsibilities of data protection officers under GDPR.
- Identify the rights of citizens in the event of a data breach.
- Review the steps that must be taken in the event of a data breach.
- Describe the notification process in the event of a data breach.