GDPR: General Data Protection Regulation

 What is GDPR (General Data Protection Regulation)?

The General Data Protection Regulation is a regulation constituted across Europe to protect the personal data of EU citizens. The GDPR, which has been in force in European Union member countries since May 25, 2018, is about ensuring the security of personal data in large institutions and organizations in the European Union member countries within the framework of the rules specified in the regulation.

The GDPR covers all businesses that host the personal data of citizens within the borders of the European Union. Even if a company is not located within the borders of the European Union, it is held responsible under the regulation because it collects the data of these citizens.

The GDPR also includes data stored in the past. Serious penalties and sanctions are applied under the General Data Protection Regulation to businesses that do not comply with it.

The personal data in question is listed below:

- Name, address, identification number

- Location, IP address, cookie information, internet data

- Physical appearance data and biometric data

- Racial origin information

- Political views

- Medical data and the like

Issues to be Considered

1. The location of the companies that process the data of individuals living within the borders of the European Union is not important. Businesses that process the data of citizens of the European Union member countries are responsible under this regulation, regardless of their location.

2. High penalties may be imposed for sites that do not comply with the regulation.

3. While obtaining personal data from the user, the user's consent should be obtained through a simple system and in an easy-to-understand manner, and cancellation should be possible in the same way.

4. Companies are required to issue violation notifications.

5. Users have the right to know what data of theirs is taken, where it is used, and how long it will be kept.

6. Users have the right to access the recorded data and the right to update or delete their data. They can also impose restrictions on their data.

 

Data Processing

Personal data must fall within the scope of at least one legal basis; otherwise, the data cannot be processed. According to Article 6 of the Regulation, the valid legal bases for data processing are as follows:

 

1. If the person concerned has given consent to the processing of personal data.

2. If the obligations arising from the contract made with the relevant person are fulfilled.

3. For the data operator to comply with legal obligations.

4. If the vital interests of the person concerned or another citizen are at stake.

5. If a duty is performed in the public interest or in an official office.

6. For the legitimate interests of a data operator or a third party that is not overridden by the European Union Charter of Fundamental Rights.

Within the framework of the General Data Protection Regulation, your visitors/users/customers have 8 rights regarding their personal data. If any claim is made regarding these rights, you must respond to the request within 30 days.


Aslihan Yilmaz



Comments

  1. Great piece of work and good effort from the writer. However, I would like to point out that it is important to take this information further by educating users on these rules and how they can protect themselves. Several internet users find themselves navigating through the very lengthy cookie policy on websites without having a clue as to what they are reading. Also, some websites will not grant users access if they refuse to accept the cookie policy, which in my opinion is a bad practice. I hope the government invests properly in educating internet users on their right and power to protect their data.

  2. Excellent topic. I want to add that according to GDPR principles, any personal data stored by any organization must be legitimate, open, and consistent in terms of how this information is gathered, used and consulted, as well as easy to reach and understand. Furthermore, personal data will only be gathered for a particular purpose, which should be well defined when the data is collected. This personal data will only be processed concerning a defined purpose and should be accurate and error-free. If any error is presented, the data has to be corrected immediately. Personal data should be stored for a specific duration that is well defined in advance, with the data not being kept for any longer than is strictly required.
