GDPR SUMMARY – WHAT YOU SHOULD KNOW

This summary explains what the General Data Protection Regulation is, what counts as personal data, and the principles that underpin data protection across the UK and Europe.


GDPR

GDPR is the standardised data protection law of the European Union (EU): a body of legislation passed by the EU to secure and maintain the privacy of EU citizens' personal data.

The law requires businesses to incorporate GDPR principles and to adopt an adequate security strategy and technical measures to protect the personal data of EU citizens. It also promotes a security-conscious workflow within businesses, aimed at reducing cyber attacks, including privacy breaches.


Who does the GDPR apply to? What about post-Brexit changes?

The GDPR affects all organisations around the globe that sell services or products to the EU and process the personal data of EU residents and citizens. It applies to both data 'processors' and 'controllers', and therefore holds both legally liable in the event of a data breach.

It covers multiple aspects of data use, such as collection, storage, retrieval, alteration and destruction, by both controllers and processors. Businesses can ensure adherence to EU law (GDPR) by examining their data relationship with their customers. This helps them evaluate which privacy mechanisms or regulatory policies they need in order to meet the expectations and specifications of the GDPR.

The UK left the EU on 31st January 2020. After the transition period (from 01.01.2021), the EU GDPR no longer applies directly to the UK. The UK's equivalent of the GDPR is called the 'UK GDPR'. The Data Protection Act (DPA) 2018 puts the EU GDPR's requirements into practice in UK law.


How does GDPR define personal data?

Article 4 of the GDPR gives a broad definition of personal data under its regulatory regime: any information relating to an identified or identifiable natural person. This definition includes all information that could directly or indirectly identify the individual, through any one source or a combination of sources.

The GDPR protects personal data irrespective of technology and applies to manual and automated processing. Some examples of personal data are:

  • a name or an email address (such as [email protected]);
  • an ID card number, such as a driving licence or National Insurance (NI) number;
  • a home address or location data, e.g. location services used by mobile applications;
  • an IP address or online identifiers, such as a cookie ID or advertising identifier;
  • records containing personal data, such as health records, HR records, customer details and payment details.

How does the GDPR differ from the Data Protection Act (DPA) 2018?

The GDPR regulates the protection of personal data for all EU citizens, and is far more detailed and demanding in its compliance requirements than the DPA 2018, the UK implementation of the GDPR. The following eight areas are the main differentiators between the EU GDPR and the Data Protection Act (DPA) 2018.

Personal information

An extended definition of personal data that includes identifiers such as IP addresses, internet cookies and DNA.

Right to be forgotten

GDPR grants individuals the right to request the removal of their personal data.

Consent

GDPR gives individuals the right to refuse consent to automated decision-making, including profiling.

Penalties

GDPR imposes an increased level of penalties in the event of a data breach or failure to comply with the regulation.

Data Protection Officer

GDPR mandates the appointment of a Data Protection Officer for specific organisations that process large amounts of particular categories of data.

Privacy impact

GDPR mandates a privacy impact assessment to verify that the organisation fulfils the individual's privacy expectations and conditions.

Child consent

Under the GDPR, children over the age of 16 can consent to data processing, whereas the DPA sets this at 13.

Data subject rights

GDPR applies protective measures to data subject rights, whereas the DPA 2018 waives those rights in some cases (scientific, historical or archiving purposes).

Article 5 GDPR - The data protection principles

The GDPR's design for protecting the data privacy rights of EU citizens rests mainly on six fundamental principles, with a seventh principle, 'accountability', set out under the UK GDPR. These principles are the central approach to processing personal data in line with the GDPR.

  1. Lawfulness, fairness and transparency: Personal data must be collected and processed lawfully, fairly and in a transparent manner.
  2. Purpose limitation: The collected data must be used only for specified, explicit and legitimate purposes.
  3. Data minimisation: Data collected must be adequate, relevant and limited to what is necessary.
  4. Accuracy: Personal data records must be accurate and, where possible, kept up to date.
  5. Storage limitation: Data must not be stored for longer than required.
  6. Integrity and confidentiality (security): Personal data must be processed in a secure manner, ensuring protection against unauthorised or unlawful processing and against accidental loss, destruction or damage.
  7. Accountability: According to the UK GDPR regulator, the ICO, accountability is the seventh data protection principle. It states: "The accountability principle requires you to take responsibility for what you do with personal data and how you comply with the other principles. You must have appropriate measures and records in place to be able to demonstrate your compliance."

More than a tick-box approach

GDPR Compliance

Our GDPR solutions do not push false promises of 100% security or sell fear and uncertainty. Our tailored approach assesses and addresses gaps in your cyber security controls and strategy, helping you prepare for detection, response and recovery against the inevitable incident.

ASSESSMENTS

Develop an understanding of your environment to manage cyber risk effectively

MANAGED SECURITY SERVICES

Outline safeguards to limit or contain the impact of an incident

SECURITY COMPLIANCE

Achieve security compliance while demonstrating your strong commitment to data security
