gdpr-primer

Lesson 7 | GDPR Recap

The General Data Protection Regulation (GDPR) is a data protection regulation governing the data of EU citizens. In this course, the objectives were to ensure you had a clear understanding of the following aspects of GDPR.

  1. Organizations that need to comply with GDPR are those that process EU citizen data either directly or on behalf of another company.
  2. Data protected by GDPR is data about an individual that can directly or indirectly identify them.
  3. Data protection by design and default is a concept in GDPR in which companies should include data protection, or security and privacy, in their operations, product design, and technology.
  4. Data subject rights give EU citizens the rights to access, delete, correct, and restrict use of their data, and the right to data portability.
  5. Data protection impact assessments (DPIAs) are used to assess the risk and mitigations when changes are made or new technologies are used.

GDPR was a big deal when it was implemented, and there is still ambiguity about things like certifications, but most companies have now adapted their privacy and security programs to meet the requirements of GDPR.
