In this video, Mandy Huth discusses the scope of GDPR. Learn about GDPR's objectives, impacted organizations, relevant data and systems, as well as exclusions. Learn about personal data.
- [Instructor] Understanding what is covered by GDPR is important because many people outside the European Union don't know if this regulation applies to them or not. As we talk about GDPR, we want to look at the different components of this regulation. Its objective is to enable the safe transfer of data and how to process it. In terms of organizations that are in scope, every organization doing business with the European Union is in scope, no matter their size or their industry.
In terms of data, any personal data that is being collected, analyzed, stored, et cetera, is included in this regulation. As for the systems included, any system, whether it's automated or manual, will require data mapping and is included under this tenet. In terms of exclusions, personal data that is needed by law enforcement or for national security would not be covered under this regulation.
What makes someone unique, or makes them an individual? Personal data is anything that can identify someone as a natural person. Please note, personal data does not precisely match a term used in the United States called PII, or personally identifiable information. While they're similar, and many portions of that data overlap, they are not precisely the same and should not be used interchangeably. To determine if something is personal data, one must look at the content, its purpose, and the results of processing that data.
Some examples include your name, or perhaps your location. Other examples may be an IP address or web browser cookies because these can also help indicate who one is or their location. Additionally, data that may not alone be personal data could potentially become personal data when it's used with another data set. An example of this may be a doctor's record and your college graduation year. That would then determine your age.
Finally, there are some special protections for data sets such as political opinions, racial information, and prior criminal offenses that need to be considered under the regulation. Again, this content should not be considered legal advice. If there are questions about what personal data is, please seek proper legal counsel. Understanding that if a business works with EU citizens, that organization must follow GDPR, and knowing what type of data will need to be protected, will prepare them for the responsibilities they have.
DISCLAIMER: Neither LinkedIn nor the instructor represents you, and they are not giving legal advice. The information conveyed through this course is not intended to give legal advice, but instead to communicate information to help viewers understand the basics of the topic presented. Certain concepts may not apply in all countries. The views (and legal interpretations) presented in this course do not necessarily represent the views of LinkedIn or Lynda.com.
- Define the objectives of GDPR relating to the personal privacy of citizens.
- Determine the responsibilities of data protection officers under GDPR.
- Identify the rights of citizens in the event of a data breach.
- Review the steps that must be taken in the event of a data breach.
- Describe the notification process in the event of a data breach.