The General Data Protection Regulation (GDPR) is a data protection regulation governing the data of EU citizens. The objective of this course was to give you a clear understanding of the following aspects of GDPR:
- Organizations that need to comply with GDPR are those that process EU citizen data either directly or on behalf of another company.
- Data protected by GDPR is data about an individual that can directly or indirectly identify them.
- Data protection by design and default is a concept in GDPR in which companies should include data protection, or security and privacy, in their operations, product design, and technology.
- Data subject rights give EU citizens the rights to access, delete, correct, and restrict use of their data, and the right to data portability.
- Data protection impact assessments (DPIAs) are used to assess the risks and mitigations when changes are made or new technologies are used.
GDPR was a big deal when it was implemented, and there is still ambiguity about things like certifications, but most companies have now adapted their privacy and security programs to meet the requirements of GDPR.