General Data Protection Regulation (GDPR)

Introduction

GDPR is a law designed to protect user data in the European Union (EU).
Enacted by the EU in 2016 to ensure data security.
Applicable to organizations globally if they handle data related to people in the EU.

Technology and internet evolution necessitated modern data protections.
- 1995: European Data Protection Directive established minimum data privacy standards.
- 1994: First banner ad appeared online.
- 2000: Majority of financial institutions offered online banking.
- 2006: Facebook opened to the public.
- 2011: A Google user sued for email scanning.
EU recognized the need for a comprehensive data protection approach, leading to the development of GDPR.

Lawfulness, Fairness, and Transparency
- Data processing must be lawful, fair, and transparent to the data subject.
Purpose Limitation
- Data must be processed for legitimate purposes specified to the data subject at collection.
Data Minimization
- Only collect and process data necessary for the specified purposes.
Accuracy
- Maintain accurate and up-to-date personal data.
Storage Limitation
- Store personally identifying data only as long as necessary for its purpose.
Integrity and Confidentiality
- Processing must ensure appropriate security and confidentiality.
Accountability
- Data controllers must demonstrate GDPR compliance with these principles.

Consent
- Specific, unambiguous consent from the data subject.
Contractual Necessity
- Processing necessary for execution/preparation of a contract with the data subject.
Legal Obligation
- Necessary to comply with a legal obligation.
Vital Interests
- Necessary to protect someone’s life.
Public Interest or Official Functions
- Necessary for tasks in the public interest or official functions.

Note: This video encourages viewers to like, share, and subscribe for more content.