A Summary of the Key GDPR Requirements

Punit Bhatia

15 years: Data privacy & GDPR

In this video, Punit explains the 12 key requirements of GDPR, i.e., "Legitimate basis for data", "Information you hold", "Individuals' rights", "Consent", "Children's data", "Privacy notices", "Data breaches", "Privacy by design", "Data Privacy impact assessment", "Data Protection Officers", "Third parties" and "Awareness".

12 mins 25 secs

Key learning objectives:

  • Identify the key requirements of GDPR

  • Explain each of the key requirements in detail

Overview:

Organisations are required to comply with the requirements of the GDPR. Individuals whose personal data is processed can ask organisations about what is being done with their data and why through rights requests. The authorities may also require the entity to show compliance with the privacy obligations set out in the law.

Summary

What are the key requirements of GDPR?

1. Legitimate basis for data: An organisation must know and be able to prove that, for any processing it performs upon personal data, there is a legitimate purpose for doing so.

2. Information you hold: An organisation should keep data only insofar as necessary.

3. Individuals' rights: Individuals have the right to:

  • Ask what information an organisation holds about them and what it does with it
  • Ask for correction
  • Object to processing
  • Lodge a complaint
  • Withdraw consent
  • Request deletion of their personal data

4. Consent: The individual should give express and direct consent to the processing of personal data.

5. Children's data: For processing of children’s data, GDPR requires the explicit consent of the child’s parents (or guardian) for minors less than 16 years of age.

6. Privacy notices: Organisations must make their approach to the security of personal data transparently known in a privacy notice that is readily available to data subjects. This privacy notice should use simple, easily understood language.

7. Data breaches: Organisations must maintain a data breach register and, based on risk, the regulator and data subject should be informed within 72 hours of identifying the breach.

8. Privacy by design: Mechanisms for the security of personal data should be incorporated in the design of new systems and processes so that privacy and protection aspects are guaranteed by default.

9. Data Privacy impact assessment: When introducing new initiatives like a project, campaign, or product that would process personal data, the company must perform a data privacy impact assessment to review the impact and potential risks.

10. Data Protection Officers: The company should, in certain circumstances, designate a data protection officer whose name is published on the website of the company and known by the regulator so that he/she can be contacted by data subjects or regulators where appropriate.

11. Third parties: The controller of personal data has the responsibility to ensure that personal data is protected and GDPR requirements are respected, even if processing is performed by a third party.

12. Awareness: To make the staff aware of key data security standards, perform daily training to ensure that personal data of data subjects are secured and that violations are detected as soon as possible.

Punit Bhatia

Punit Bhatia is a passionate author, speaker, and advisor. He provides strategic coaching and advice to privacy experts, business owners, and upcoming privacy professionals. Punit is known for providing advice that is simple, pragmatic and business-aligned.
