In this article:
- Key Terms
- Who's who - Roles and Responsibilities
- 7 Protection Principles
- Link to GDPR in Full
- GDPR Cheat Sheet
Key Terms
- Data Subject
- Data Controller
- Data Processor
Who's who? - Roles and Responsibilities
When it comes to handling data, it's important to understand the roles and responsibilities that each person has.
- The private individual whose information we are using is called the "data subject".
- The "data controller" is the entity (person, organization, etc.) that determines the purpose, the why, and the how for processing personal data.
- The "data processor" is the entity that actually performs the data processing on the controller's behalf.
7 Protection Principles
| Lawfulness, fairness and transparency | Lawfully, fairly and in a transparent manner in relation to individuals |
| Purpose limitation | Collected for specific and explicit and legitimate purposes and not further processed or used beyond that |
| Data minimization | Adequate, relevant and limited to only what is necessary in relation to the purposes for which they are processed |
| Accuracy | Every reasonable step must be taken to ensure that personal data is accurate and, where necessary, kept up to date and that inaccurate data is deleted. |
| Storage limitation | Store data for no longer than is absolutely necessary for the purposes for which the personal data was collected |
| Integrity and confidentiality (security) | Handle data that ensures appropriate security, including protection against unauthorized access or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures to ensure ‘integrity & confidentiality.” |
| Accountability |
The Data Controller shall be responsible for and should be able to demonstrate compliance with GDPR and Data Protection. The Data Processor must ensure that data is stored and processed correctly and can only carry out the instructions of the Data Controller (assuming they are lawful) |
Link to GDPR in Full
You can read GDPR in its entirety at the Information Commissioner's Office.
GDPR Cheat Sheet
- Applies to all citizens of the European Union.
- Fines are 4% of global turnover ($400 million for Encore)
- Steps must be taken to ensure personal data is accurate
- Stored data should be deleted once it no longer serves a purpose
- Data controllers (client) control procedures and the purpose of data
- Data processors (Encore) process data and securely store it
- Clod storage is not exempt from GDPR
- Requires companies to respond within 30 days to data requests
- Requires companies to notify companies of data breaches within 72 hours
- Notification is to the ICO (Information Commissioner's Office)
- You have to tell the regulator of a breach within 72 hours; that’s why clients often ask to be notified within 24 hours or 48 hours in their terms, as they want to be aware before the ICO has to be informed.
- Requires companies to get explicit consent for users' data to be used in specific ways and ask users to actively opt-in rather than opt out of participation.
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article