Recently, GDPR has been making headlines, but what is it? The General Data Protection Regulation is a law developed by the European Union (EU), which went into effect May 25, 2018. According to a recent SANS Institute newsletter, the law protects the personal information of all EU residents, regardless of where an organization is located, and requires organizations to maintain the privacy and security of that information. A few highlights of GDPR include:
- Personal data should be processed lawfully, fairly and transparently.
- Individuals need to be told what is being collected and why.
- Personal data should be collected only for specific, explicit and legitimate purposes and should only be kept for as long as required for that purpose.
- Data must be kept up-to-date and accurate.
- Individuals have the right to receive a copy of their data and can request that it no longer be used.
- Organizations must implement appropriate security measures to protect personal data against accidental or unlawful destruction, loss, alteration or disclosure.
- All personnel who handle personal data must be trained in how to properly secure and protect data.
Even though GDPR is a law in the EU, it’s something everyone around the globe should be aware of. Read the entire SANS newsletter for more background here: GDPR.