
GDPR Overview and Compliance Guide

The GDPR is a stringent privacy regulation established by the EU to protect the personal data of its residents, effective since May 25, 2018. It outlines key principles such as lawfulness, fairness, transparency, and data subject rights, while imposing compliance requirements and significant penalties for violations. The regulation aims to enhance individual privacy rights and unify data protection laws across EU member states.

Uploaded by

Kashif Ali

Ref: SBIT/

Dated: March 27, 2024

General Data Protection Regulation (GDPR)

Information Sheet

SECUREBEANS
Dallas - Fort Worth Metroplex, Texas-USA.
Phone: +1 (469) 562 3362 Email: info[at]SecureBeans.com

226 NASTP Silicon, Software Technology Zone, Faisal Cantonment, Karachi- Pakistan.
Phone: +92 321 2112225 Email: info[at]SecureBeans.com
Document : GDPR Information Sheet

Contents
1. Introduction to GDPR
3. Key Principles
3.1. Lawfulness, Fairness, and Transparency:
3.2. Purpose Limitation:
3.3. Data Minimization:
3.4. Accuracy:
3.5. Storage Limitation:
3.6. Integrity and Confidentiality:
3.7. Accountability:
3.8. Lawful basis for processing:
3.9. Data subject rights:
3.10. International Data Transfer:
4. Rights of Data Subjects:
5. Compliance Requirements:
6. Penalties:
7. Impact on Businesses:
8. Conclusion:

1. Introduction to GDPR

The GDPR is currently the most robust global privacy regulation in force. It was established by
the European Union (EU) to govern the collection, handling, and safeguarding of personal data
belonging to EU residents. Enforced since May 25, 2018, the GDPR is a binding regulation
integrated directly into the laws of EU Member States. Its primary objective is to fortify privacy
rights by empowering individuals to control how their personal data is acquired, utilized, and
shared.

2. Aims of GDPR

The GDPR was developed with three core aims:

• Safeguarding and upholding the fundamental privacy rights of individuals.
• Streamlining privacy regulations across the EU by superseding the laws of the 28 individual
EU member states and the previous 1995 Data Protection Directive.
• Adapting privacy regulations to accommodate the technological advancements that have
transformed the landscape of personal data management over the past 25 years.

3. Key Principles

3.1. Lawfulness, Fairness, and Transparency:


Personal data must be processed lawfully, fairly, and transparently.

3.2. Purpose Limitation:


Personal data must be collected for specified, explicit, and legitimate purposes.

3.3. Data Minimization:


Personal data should be adequate, relevant, and limited to what is necessary.

3.4. Accuracy:
Personal data should be accurate and, where necessary, kept up to date.

3.5. Storage Limitation:


Personal data should be kept in a form that permits identification of individuals for no
longer than necessary.

3.6. Integrity and Confidentiality:


Personal data should be processed in a manner that ensures appropriate security, including
protection against unauthorized or unlawful processing and against accidental loss,
destruction, or damage.

3.7. Accountability:
Data controllers are responsible for and must be able to demonstrate compliance with the
GDPR's principles.

3.8. Lawful basis for processing:


Data processing must have a lawful basis, such as consent, contract, legal obligation, vital
interests, public task, or legitimate interests.

3.9. Data subject rights:


Individuals have rights regarding their personal data, including the rights of access,
rectification, erasure, restriction of processing, data portability, and objection to processing.

3.10. International Data Transfer:


Personal data can only be transferred outside the EU to countries that provide an adequate
level of data protection, or with appropriate safeguards in place, such as standard
contractual clauses or binding corporate rules.

4. Rights of Data Subjects:


Data Subject: The individual the personal data relates to.

• Right to be Informed
• Right of Access
• Right to Rectification
• Right to Erasure
• Right to Restrict Processing
• Right to Data Portability
• Right to Object
• Rights in Relation to Automated Decision Making and Profiling

5. Compliance Requirements:
• Data Protection Officer (DPO) appointment in certain cases.
• Data Protection Impact Assessments (DPIAs) for high-risk processing.
• Notification of data breaches within 72 hours.
• International data transfers subject to restrictions.

6. Penalties:
Fines up to €20 million or 4% of global turnover (whichever is higher) for serious violations.


7. Impact on Businesses:
• Increased compliance requirements.
• Enhanced data protection practices.
• Potential for significant financial penalties for non-compliance.

8. Conclusion:
GDPR is a comprehensive regulation that sets high standards for data protection, aiming to give
individuals more control over their personal data and harmonize data protection laws across
the EU and EEA.
