Introduction to Computer Security– G6077
GDPR
Dr. Imran U Khan Engineering and Informatics Sussex University
Dr. Imran U Khan, Informatics Sussex University
Overview
✓ Introduction
✓ Why there was a need for GDPR?
✓ Key sections
✓ Modification areas in an organisation
Dr. Imran U Khan, Informatics Sussex University
What is GDPR?
▪ A regulation by which the European Parliament, the Council of the European Union and the European Commission have strengthened and unified data protection for EU residents.
Why there was a need GDPR?
▪ Data protection Acts 1998 and 2003
▪ In one Union each country has their own
acts
▪ Social and Mobile Computing revolution
Key sections
▪ Increased territorial scope
(a) Applies to all companies processing personal data of
data subjects residing in the Union
(b) It includes processing of personal data:
(i) By controllers and processors in the EU
(ii) By controllers and processors not in the EU
(iii) Processing of data placed in the EU or outside the EU
Dr. Imran U Khan, Informatics Sussex University
▪ Penalties
(i) Maximum fine up to 4% of annual global turnover or
20 Million Euros
▪ Consent
(i) Clear and plain language
(ii) Must be easy to withdraw consent ▪ Data subject Rights
• Breach notifications
(i) Mandatory
(ii) 72 hours
• Right to Access
(i) Toaccesswheredatahasbeenprocessed,where
and for what purpose
(ii) Free of charge access to personal data
• Right to be forgotten / Data Erasure
(i) Erase data and ease further dissemination of the
data
• Data portability
The right for a data subject to receive the personal data concerning them- which they have previously provided in a ‘commonly use and machine readable format’ and have right to transmit that data to another controller
• Privacy by design
Inclusion of data protection in the design stages of the systems.
Dr. Imran U Khan, Informatics Sussex University
▪ Data Protection Officers Areas of concern for an organisation
Examples
Dr. Imran U Khan, Informatics Sussex University
Third party tools
Dr. Imran U Khan, Informatics Sussex University
Further readings
1) https://eugdpr.org/the-regulation/
Dr. Imran U Khan, Informatics Sussex University