So, what is GDPR? GDPR is an EU-mandated regulation that has been brought in to
standardise the approach to the management of information, with
a specific emphasis on accountability, that is, data processors, where the original
accountability was on data controllers,
typically in a modern world now, where information can be distributed and
personal data could be distributed across the globe. It's a risk-based
regulation as well, so the main thing is looking at privacy and security by
design, so it's not a case of saying we control data or have data;
it's what type of data do we have? Where is it and how can we control it?

So, does GDPR apply to me? I think you need to ask yourself that question:
what type of data do we hold? And, if you're currently under the data
protection regulations as they currently exist, then you will have to enhance some
of your security controls to meet GDPR requirements. Then, we need to ask
ourselves, if we don't currently fall under the data protection regulations,
are we a processor? A data processor? Or a sub-processor? And then, if we are, where
is that information and how is it secured?