GDPR: A Simple Explanation
Updated: Aug 19, 2021
Index 1.What is General Data Protection Regulation (GDPR)?1.What is General Data Protection Regulation (GDPR)? 2.Why it is important? Why should we bother about it?2.Why it is important? Why should we bother about it? 3.What is classified as Personal Data under GDPR?3.What is classified as Personal Data under GDPR? 4.What is considered as Data Breach under GDPR?4.What is considered as Data Breach under GDPR? 5.What are the core GDPR concepts?5.What are the core GDPR concepts? 6. GDPR Simple Checklist6. GDPR Simple Checklist
In a data-driven world, everything we share online is processed, stored and even tracked. Today’s common phenomenon is data thief. Data breach includes illegal storage or transfer of any information that is confidential, personal, or financial in nature, including passwords, software code, or algorithms, proprietary process-oriented information, or technologies. Data breach is considered as serious security and privacy breach, individuals or businesses might face serious consequences once database is attacked.
Business firms that handle data are responsible for keeping it safe. Thus, world authorities have introduced data privacy laws to ensure firms are held accountable. The most well-known data privacy law is GDPR.
What is General Data Protection Regulation (GDPR)?
So, what is GDPR? What terms are under the GDPR? It is not difficult to google this term; however, there’s high chance you’ll encounter pages of confusing legal terminology which there are even terms you have rarely heard of. This article will explain the GDPR in the most basic, plain English.
GDPR stands for “General Data Protection Regulation”. The law is passed by the European Union (EU), and it imposes obligations onto organizations anywhere, as long as they target or collect data related to people in the EU. In other words, though it is drafted and passed in Europe, it influences world-wide businesses.
The regulation was put into effect on May 25, 2018, and it set the new standards for data privacy and data protection and provoked a wave of global privacy laws that forever changed how we use the internet.
Why it is important? Why should we bother about it?
From a long time ago, our ID cards, credit/debit cards, tax papers, real estates paper, even phone numbers are considered as “private information”. In the era of data, those information is not only physically stored but they are also stored in an enormous database.
Do you think your personal data is worth it? The answer is yes. Personal data is highly valuable — in fact, it supports a trillion-dollar industry.
Companies like Facebook and Google make their profits by selling personal information to advertisers. With this much money at stake, do you trust them to have access to all your personal information?
Under the GDPR, companies of all sizes can do only certain or limited actions with your information. Once you understand how the GDPR works, you’ll have more control over your life online.
What is classified as Personal Data under GDPR?
Simply explained, personal information is any private details that are used to identify you, and can’t be shared to any individuals or organizations without your permission.
Some examples of personal information are : bank account, full name, home address, social security number, passport number, social media posts, health records, shopping behaviors, etc…
What is considered as Data Breach under GDPR?
Any incident that leads to personal data being lost, stolen, destroyed, or changed is considered a data breach.
What are the core GDPR concepts?
The two most common GDPR terms used by security analysts are : Privacy and Consent. It is essential to understand them to become familiar with data protection.
Privacy by Design
Privacy by Design GDPR (PbD): All businesses should follow this approach when creating products and building websites. Under PbD, businesses must keep data collection at a minimum level, and build security measures into all stages of a product’s design.
Businesses must ask users for permission to process their data. Businesses must explain how the users’ information and data will be collected and which data will be collected in a transparent and simple language. Companies are able to collect and process users' data only when users explicitly agree to them. This prohibits the practice of sneaky pre-selected settings in apps and pre-checked boxes on websites.