GDPR (General Data Protection Regulation)


1. 7 GDPR Principles... (mostly similar to DPA)

1.1. 1. Lawfulness, fairness, and transparency

1.2. 2. Purpose - limits data held

1.3. 3. Data - minimum

1.4. 4. Accuracy

1.5. 5. Storage - limits data stored

1.6. 6. Confidentiality

1.7. 7. Accountability

2. 7 Rights of Individuals

2.1. 1. INFORMED of data breach (within 72 hours)

2.2. 2. ACCESS able to get copies of personal data for free (request a SAR - Subject Access Request)

2.3. 3. ERASURE 'right to be forgotten' if data is no longer required - can request that it be erased (e.g. prison)

2.4. 4. PORTABILITY move data from A to B

2.5. 5. RECTIFICATION organisation is forced to correct any inaccuracies

2.6. 6. RESTRICT processing/to object to processing, unless it is in the public interest to do so

2.7. 7. NOT TO BE EVALUATED BASED ON AUTOMATIC PROCESSING e.g. for job profiling/insurance premiums

3. Penalties...

3.1. Fined 4% of annual GLOBAL sales

3.2. 20m euros (whichever is larger)

3.3. Criminal liability

4. Aims...

4.1. To protect all EU citizens from data breaches

4.2. Helps us to understand what information organisations hold on us and why

4.3. Easier for us to consent/object to organisations holding our data

4.4. More personal freedom

5. Covers...

5.1. Any organisation worldwide if it holds data on any EU citizen

6. However...

6.1. Allows for free flow of data internationally to certain organisations e.g. security services, police, prosecutors etc.

6.1.1. SAFEGUARDS ARE IN PLACE

7. Succeeds the DPA (not robust enough)