IDC Names Securiti a Worldwide Leader in Data Privacy

View
Contact Us Schedule a Demo

What is GDPR

Difference between CPRA and GDPR
By Privacy Research Team
Published August 4, 2023

Overview

In 2016, the European Commission replaced its long-existing Data Protection Directive with a modernised version, the General Data Protection Regulation (GDPR). The GDPR is based on the EU Charter of Fundamental Rights that considers the protection of personal data an individual’s fundamental human right.

The objective of the GDPR is to ensure the protection of personal information through a human rights-centric approach and allow secure transfer of personal information within and across jurisdictions. At present, the GDPR is considered to be one of the best global practices in relation to data protection and privacy legal landscape.

Rights Under GDPR

The GDPR provides the following rights for individuals. However, each right has its limitations with respect to circumstances under which it will not be exercised. For example, any “manifestly unfounded or excessive” request of a data subject may be refused to be exercised by the controller, in particular, because of its repetitive character.

What is CCPA

The right to be informed

Individuals have the right to be informed about the collection and use of their personal data. This includes information to be provided in “a concise, transparent, intelligible and easily accessible form, using clear and plain language” to data subjects.

The right of access

Consumers have the right to access their personal data withheld by an organization, to be informed of appropriate safeguards relating to transfer of their personal data, and to obtain a copy of their personal data.

The right to rectification

The GDPR includes a right for individuals to have inaccurate personal data rectified, or completed if it is incomplete.

The right to erasure

This right entails that the controller erases personal data without undue delay upon a data subject’s request. The right to erasure is also known as ‘the right to be forgotten’.
What is CCPA

The right to restrict processing

Individuals have the right to request the restriction or suppression of their personal data. As per Article 18 of the GDPR, data subjects must be informed before any such restriction is lifted.
What is CCPA

Rights in relation to automated decision making and profiling

Article 22 of the GDPR allows right not to be subject to decision based solely on automated processing, including profiling that has legal or similarly significant effects on data subjects.
What is CCPA

The right to object

The GDPR gives individuals the right to object to the processing of their personal data in certain circumstances. There exists an absolute right to object to data being processed for direct marketing purposes.
What is CCPA

The right to data portability

The right to data portability allows individuals to obtain and reuse their personal data for their own purposes across different services in a structured, commonly used and machine-readable format. It allows data subjects to move, copy or transfer their personal data easily from one IT environment i.e. from one controller to another in a safe and secure way, without affecting its usability. The right to data portability may not be exercised where it is not technically feasible to do so.

Who needs to comply?

The General Data Protection Regulation is not specific to the European Union, but applies to any organisation operating within or outside the EU which offers goods and services to customers or businesses in the EU.

If we dive into the specifics, there are two different types of data-handlers this legislation applies to, known as the 'processors' and 'controllers'. The exact definitions of each are laid out in Article 4 of the GDPR

Controller: “A person, public authority, agency or other body which alone or jointly with others, determines the purposes and means of processing of personal data”
Processor: “A person, public authority, agency or other body which processes personal data on behalf of the controller”

Compliance risks under the GDPR

For non-serious infringements, fines can go up to €10 million, or 2% of the firm’s worldwide annual revenue from the preceding financial year, whichever amount is higher. This includes violations of articles governing:

  1. Controller and Processors
  2. Certification Bodies
  3. Monitoring Bodies

For Serious infringements fines can go up to €20 million, or 4% of the firm’s worldwide annual revenue from the preceding financial year, whichever amount is higher. This includes violations of articles governing:

  1. Basic principle of processing
  2. The conditions for consent
  3. The data subjects’ rights
  4. The transfer of data to an international organization or a recipient in a third country

Key Definitions Under GDPR

Data controller

A person, public authority, agency or other body which alone or jointly with others, determines the purposes and means of processing of personal data.

Data processing

Any action performed on data, whether automated or manual. This can include collecting, recording, organizing, structuring, storing, using and erasing data.

Data subject

The person whose data is processed. These can be your customers or visitors on your site.

Data processor

A person, public authority, agency or other body which processes personal data on behalf of the controller.

Personal data

Information that relates to an individual who can be directly or indirectly identified. This includes names, email addresses, location information, ethnicity, gender, biometric data, religious beliefs, web cookies, and political opinions. Pseudonymous Data can also fall under the definition if it is possible to ID someone from it.

Automating privacy operations across your organization

The multi-disciplinary practice to grow trust-equity of your brand and comply with privacy regulations.

Get the Book

“By leveraging the PrivacyOps constructs from this book across our organization we were able to not only save time and money but also mitigate the risks associated with manual methods of privacy management.”

- Marty Collins, Chief Privacy and Legal Officer, QuinStreet, Inc

Automating Towards Compliance

securiti.ai’s award-winning compliance solution revolves around the concept of PrivacyOps, which calls for utilizing robotic automation, artificial intelligence and machine learning to provide enterprises with a system that automates majority of compliance tasks, freeing up crucial resources for other areas of business.

securiti.ai helps businesses discover data over a web of internal and external systems, stitch a data graph to link personal data with each individual, conduct automated internal assessment of policies as well as third-party vendors, manage consent and do a lot more!

While businesses may hesitate to take the leap towards automation from their current manual methods with the fear of costs and change in infrastructure, it is evident that automation is truly the way forward. Automation will increase the ROI as well as increase productivity, lowering cost and improving accuracy, in other words, it will pay for itself and bring organizations a number of benefits along with it.

Key facts

1

The GDPR stands for the General Data Protection Regulation

2

The GDPR went into effect on May 25, 2018

3

Penalties for non-compliance can go up to €20 million, or 4% of the firm’s worldwide annual revenue

4

The GDPR gives eight fundamental rights to the consumer which include:

  • The right to be informed
  • The right of access
  • The right to rectification
  • The right to erasure
  • The right to restrict processing
  • The right to data portability
  • The right to object
  • Rights in relation to automated decision making and profiling
5

According to the GDPR enforcement tracker, from July 2019 till date, the total GDPR fines that have been paid globally is €436,948,087

Frequently Asked Questions (FAQs)

What is the GDPR in simple terms?

General Data Protection Regulation, commonly called GDPR, is a European Union regulation designed to give individuals in the EU more control over their personal data. The GDPR lays out guidelines for how organizations can collect, use, store, and share personal information while respecting individuals' privacy rights.

What is GDPR and its purpose?

The GDPR aims to strengthen the data protection rights of individuals and harmonize data privacy laws across the EU member states. Its purpose is to give individuals more control over their personal data and establish a consistent framework for businesses to handle and protect that data.

What are the 7 principles of GDPR?

The 7 principles of GDPR are:

  1. Lawfulness, Fairness, and Transparency.
  2. Purpose Limitation.
  3. Data Minimization.
  4. Accuracy.
  5. Storage Limitation.
  6. Integrity and Confidentiality.
  7. Accountability.

What are the 4 key components of GDPR?

The 4 key components of GDPR are:

  1. Data Protection Principles.
  2. Rights of Data Subjects.
  3. Legal Bases for Data Processing.
  4. Responsibilities and Obligations of Data Controllers and Processors.

Join Our Newsletter

Get all the latest information, law updates and more delivered to your inbox

Share

More Stories that May Interest You

Navigating Generative AI Privacy | Challenges & Safeguarding Tips View More

September 21, 2023

Navigating Generative AI Privacy Challenges & Safeguarding Tips

Introduction The emergence of Generative AI has ushered in a new era of innovation in the ever-evolving technological landscape that pushes the boundaries of...

Kuwait’s DPPR View More

September 13, 2023

Kuwait’s DPPR

Kuwait didn’t have any data protection law until the Communication and Information Technology Regulatory Authority (CITRA) introduced the Data Privacy Protection Regulation (DPPR). The...

UK GDPR & Data Protection Act Banner View More

September 12, 2023

The UK GDPR & Data Protection Act (DPA) 2018: Explained

Following the end of the Brexit Implementation Period on 31 December 2020, the United Kingdom is no longer subject to the European Union General...

Take a
Product Tour

See how easy it is to manage privacy compliance with robotic automation.

Watch a demo

At Securiti, our mission is to enable enterprises to safely harness the incredible power of data and the cloud by controlling the complex security, privacy and compliance risks.

Copyright © 2023 Securiti · Sitemap · XML Sitemap

Newsletter

Company

Resources

Terms

Get in touch

[email protected]
300 Santana Row Suite 450. San Jose,
CA 95128

Gartner Cool Vendor Award Forrester Badge IAPP Innovation award 2020 IDC Worldwide Leader RSAC Leader CBInsights Forbes Security Forbes Machine Learning G2 Users Most Likely To Recommend