GDPR 101

•
•
•
•
•
•
•
•
•
•

GDPR is a regulation created in 2016. It contains 99 articles covering basic data privacy
for all European Union (EU) citizens. This regulation requires businesses to protect the
personal data and privacy of EU citizens for transactions that occur within the EU. This
regulation pertains to any organization that stores or processes EU data.
2000
Safe Harbor Privacy Principles
Deprecated
Oct 2015 July 2016
Privacy Shield
Industry Consensus
May 2018
GDPR
EU Law

•
•
•
•
•
•

• Protect the Privacy rights
• Uniform regulations across EU
• Define/widen the scope of PII
• Uniform cross border data transfers
• Address the online data privacy concerns
• Facilitate the economic activities with uniform privacy concerns
• Harmonize the regulatory oversight

• This is the authority which
determines the purpose and means
of processing personal data
• Tasks:
• Compliance
• Implement technical measures
• Written agreements with
processors
• Inform (Data details)
• This is the authority which processes
personal data on behalf of the
controller
• Tasks:
• Record processing operations
• Implement security measures
• Inform of any data breach
• Appoint a Data Protection
Officer (DPO) as required.

GDPR requires that you build a master list that maps where data is obtained, who has access to it and what it is
used for throughout your organization. The list should track the following:
• Is this data transferred between territories?
• What personal data is collected? (email, names, etc.)
• What (if any) Sensitive Data is collected (religion, orientation, health, financial or job related.)
• What are your business reasons for handling this data?
• How is the data stored?
• How is the data secured? (Encryption, Obfuscation)
• How can we find this data again? (In the event of a Subject Data Access Request)
Recommendation:
• An effective data-mapping program should offer advanced data visualization capabilities.

• Although there are no explicit GDPR encryption requirements, the regulation does require you to enforce
security measures and safeguards. The GDPR repeatedly highlights encryption and pseudonymization as
“appropriate technical and organizational measures” of personal data security.
• There are several encryption tools out there like Veracrypt for data at rest, OpenSSL, CyberGhost VPN, etc
that you should consider using.
• We recommend Federal Information Processing Standards (FIPS) 140-2 Level 1 Protection for at least your
critical/sensitive information.

Having one or more copies of sensitive data floating around increases your risk of it falling into the wrong hands.
While enabling the safe sharing/copying/use of sensitive data, masking lets you protect those data sets, and meet
compliance requirements, without hampering your business operations.
Protect Against Insider Threats
• By masking sensitive production data, organizations liberate the data employees need to get their jobs done
while reducing the risk of a data breach from a malicious, careless or compromised insiders.
Comply with GDPR
• Data masking is a means to pseudonymize data, especially in non-production data environments such as
application development and testing, training and analytics. By replacing sensitive data with realistic, fictitious
data, data masking solutions help organizations comply with key GDPR requirements.
Recommendations:
• Protect Non-Production Data
• For many organizations it’s often necessary to make copies of production data for non-production use.
Examples include:
• Application development and testing
• Personnel training
• Business analytics modeling

If a data breach is likely to result in a
risk to the organization, sensitive data
and personally identifiable information
(PII) you must notify including
supervisory authority.
Personal data breach: A breach of
security leading to the accidental or
unlawful destruction, loss, alteration,
unauthorized disclosure or access to
personal data transmitted, stored or
processed.
Notifying subjects: Must notify without
undue delay, in clear and plain
language of the nature of the breach.
•
•
•
•

•
•
•
•
•
•
•
•
•
•
•
•
•
•

•
•
•
•
•
•
•
•
•
•
•
•

GDPR 101

Recommandé

Recommandé

Contenu connexe

Tendances

Tendances (20)

Similaire à GDPR 101

Similaire à GDPR 101 (20)

Dernier

Dernier (20)

GDPR 101