
Demystifying Common GDPR Terms

August 22, 2019

Featured article by Mark Wellins, CCO, at 1touch.io


Back in May, the world marked the one-year anniversary of the General Data Protection Regulation, or GDPR as it’s now commonly known. Over the course of the year, GDPR and related stories were rarely out of the headlines. GDPR was mentioned in seemingly every story written about data privacy if not covered exclusively. In the wake of all the hype, companies around the world with a data presence in the EU spent millions to comply with the newly passed regulations. GDPR was, and in many ways remains, everywhere.

Yet despite all the buzz, many companies are still struggling to meet GDPR compliance. Even among organizations that are in the process of complying or see it as an inevitability, GDPR definitions and associated terms often remain head-scratchers. In order to help enterprises navigate GDPR regulations, I’ve put together an easily digestible explanation of words or phrases associated with GDPR that are frequently used but not always clarified.

Since GDPR at its core is a set of rules designed to give EU citizens more control over their personal data, it makes sense to begin by defining “Personal Data.” According to the regulations, personal data is any information about an individual who can be identified (even indirectly) by name, number, location, or online identifier. This can also include things such as the physical, physiological, genetic, mental, economic, cultural, biometric, or social identity of the person.

Organizations then use this information about an individual to conduct “Profiling.” This means they automatically analyze and sort a person based on aspects related to their personal data, such as their location, health, or interests. For example, a company may set up an automation mechanism in their system that places all identities living in a specific place under a tag that defines their financial situation.

Typically, an organization will compile personal data into a “Personal Data Inventory.” This is a central place that manages information relating to an identified or identifiable natural person that your organization stores, processes or shares. If your inventory is missing even one part (for example: it is unable to automatically identify new network elements that process personal data) it is unreliable, preventing you from complete and comprehensive reporting, which equals noncompliance.

The personal data inventory of any organization should be carefully placed in a “Filing System.” The essential component of any organizational filing system, whether automatic or manual, is that it is structured, or organized, in such a way that anyone can easily extract (or access) all the personal data information they seek.

It is well documented in GDPR that businesses are required to know what personal data they are “Processing.” Processing is essentially any action an organization can take with personal data. This can mean storing, recording, organizing, erasing, altering and so on. Simply changing a person’s address, or moving it to a different file, or deleting dated information all count as processing.

Organizations that handle personal data are required to designate both a “Controller” and a “Processor.” A controller is the person or entity that lawfully collects information and manages what is done with the personal data. A processor is the person or entity who has been given personal data by the controller and has permission to use it. The controller must take measures to ensure that all processors of the personal data abide by GDPR rules. Both the controller and the processor must be concerned with “Consent.” Consent is when a fully informed person agrees with the controller (or processor) that data can be used for the purposes agreed upon.

This brings us to “Third Party.” A third party is any person or organization, excluding the data subject, who has been authorized by the controller or a processor to process the data. Within that organization is a “Recipient.” This is a person or organization to which any and all personal data was disclosed. The recipient does not include public authorities who receive personal data when acting in accordance with local laws.

The last term is one you hope your organization never utters: “Personal Data Breach.” As defined by GDPR, a personal data breach occurs when personal data is destroyed, lost, changed, given away or otherwise used in any manner by unlawfully accessing the data.

Like it or not, the GDPR is here to stay and it will surely expand parameters as it adds years to its life. Again, any company with a data presence in the EU – or looking to expand business there – is subject to its regulations and subsequent compliance. While these are only a few terms related to GDPR and in no way will make you an expert on the subject, they should give you a baseline understanding of the regulations and the ability to speak on them, especially if you’re new to the territory.
