While GDPR is primarily a data privacy law, it also includes elements of data security. But of course, GDPR is ambiguous so it’s not very prescriptive when it comes to data security requirements for processing personal data. The law requires each organization to evaluate its own data security based risk, processing activities, and its organizational structure.
Most organizations who are required to comply with GDPR will have a Data Protection Officer (DPO). The requirement to have a DPO applies if you are a public authority, if your regular activities require large-scale and systematic monitoring, or if your core activities consist of large-scale processing of special categories of data.
GDPR divides responsibilities for organizations processing personal data based on their role, so determining which role your organization plays is one of the first steps towards GDPR compliance. You cannot know what your requirements or obligations under the law are until you do so. There are three major roles under GDPR: controllers, processors, and joint controllers. Let’s discuss what each of these roles mean and how your organization can determine which role it plays.
One of the seven major data processing principles of GDPR is to ensure that personal data is processed lawfully, fairly, and transparently. To comply this principle, Chapter 6 of the GDPR requires any organization processing personal data to have a valid legal basis for that personal data processing activity. Think of these as scenarios in which it would be lawful to process data. GDPR provides six legal bases for processing:
GPDR is such a revolutionary law because its focus is so heavily on the data subjects and protects personal data not only in the shape of security, but also in privacy. The law actually gives data subjects seven rights, outlines in Chapter 3.
WEST COAST REGIONAL ADDRESS
1 Sansome St.
35th Floor
San Francisco, CA 94104
CORPORATE & MIDWEST REGIONAL ADDRESS
4235 Hillsboro Pike
Suite 300
Nashville, TN 37215
NORTHEAST REGIONAL ADDRESS
200 Park Avenue
Suite 1700
New York, NY 10166
SOUTHEAST REGIONAL ADDRESS
1228 East 7th Ave.
Suite 200
Tampa, FL 33605
All Rights Reserved
© 2021 KirkpatrickPrice