Data Protection: Your Information, Your Rights

Data protection refers to the overarching concept of safeguarding individual privacy by controlling how personal data is collected, used, and stored. This includes practices like secure storage, access limitations, and clear communication about data usage.

The GDPR: Europe Sets the Standard

The General Data Protection Regulation (GDPR) is a regulation enforced by the European Union (EU) that strengthens the data protection rights of individuals within the EU and the European Economic Area (EEA). Although it is a European regulation, it can apply to organizations anywhere in the world that handle the data of EU citizens.

Key Principles of GDPR

  1. Lawfulness, Fairness, and Transparency: Personal data must be processed in a way that is lawful, fair, and transparent to individuals. This means being clear about why you're collecting their data, how you'll use it, and who it might be shared with.

  2. Purpose Limitation: Data can only be collected for specific, explicit, and legitimate purposes. You cannot use it for any reason beyond what you originally stated.

  3. Data Minimization: Only collect the personal data that is absolutely necessary to fulfill the stated purpose. Avoid collecting irrelevant or excessive information.

  4. Accuracy: Personal data must be accurate and, where necessary, kept up to date. Take reasonable steps to ensure the information you hold is correct and reflects any changes.

  5. Storage Limitation: Personal data should be kept in a form that permits identification of individuals only for as long as necessary for the specific processing purpose. Once the purpose is complete, delete or anonymize the data.

  6. Integrity and Confidentiality: Personal data must be processed in a manner that ensures appropriate security of the information. This includes protection against unauthorized or unlawful processing, accidental loss, destruction, or damage. Implement technical and organizational measures to safeguard data.

  7. Accountability: The data controller (the organization determining the purpose and means of processing) is ultimately responsible for, and must be able to demonstrate, compliance with all the GDPR principles. This includes maintaining records and being able to show how you're adhering to the regulations.

  8. Restriction of Processing: Individuals have the right to request the restriction of processing of their personal data under certain circumstances, such as when they contest the accuracy of the data or object to its processing.

  9. Right to Access and Rectification: Individuals have the right to access their personal data and request corrections if it's inaccurate or incomplete. You must provide a mechanism for individuals to easily access and rectify their data.

  10. Data Breach Notification: In the event of a data breach that poses a risk to individuals' rights and freedoms, organizations must notify the relevant authorities and impacted individuals within a specified timeframe.