Global Data Privacy Regulation
Download as PPTX, PDF1 like124 views
The document provides an overview of key aspects of the General Data Protection Regulation (GDPR) for web developers. It discusses GDPR requirements around personal data, privacy by design, cookies, and privacy notices. The GDPR strengthens data protection for all individuals within the EU and emphasizes transparency about how personal data is collected and used. It requires companies to implement privacy-by-design, obtain consent for data uses, provide privacy notices, and give users control and access to their personal information. The document advises web developers to carefully consider their role in collecting, storing, and processing personal data in accordance with GDPR principles and requirements.
![Principles
• Purpose limitation
Data can be collected and used only for those purposes that have been transmitted to the data subject and
about which the consent was received. Purpose must be “specified, explicit and legitimate”
• Data minimization
Personal data to be collected should be “adequate, relevant and limited to what is necessary in relation to
the purposes for which they are processed”.
• Accuracy
Personal data must be “accurate and where necessary kept up to date”. You must make sure that you do
not retain old and outdated contacts and ensure the erasure of inaccurate personal data without delay
• Storage limitations
Company would have to set the retention period for personal data you collect and justify that this period is
necessary for your specific objectives
• Integrity and confidentiality
The principle of integrity and confidentiality requires you to handle personal data “in a manner [ensuring]
appropriate security”, which include “protection against unlawful processing or accidental loss, destruction
or damage”.](https://image.slidesharecdn.com/gdpr-200706102645/85/Global-Data-Privacy-Regulation-4-320.jpg)
Global Data Privacy Regulation
- 1. Global Data Privacy Regulation Every Data Counts
- 2. Agenda • GDPR • Principles • Web Developer Role • What Is Personal Data? • Privacy By Design • What are cookies • What is a privacy notice?
- 3. GDPR • GDPR requires you to be more thoughtful about the sites and services you build, more transparent about the ways you collect and use data, more considerate of your users, and more thorough in your development and documentation processes. • General Data Protection Regulation (GDPR), which becomes enforceable across Europe on 25 May 2018. This is an overhaul, modernization, and replacement of the existing framework, the Data Protection Directive of 1995. • GDPR adds is new definitions and requirements to reflect changes in technology which simply did not exist in the Data Protection Directive. It also tightens up requirements for transparency, disclosure, and process. We all have to become more diligent about: • What data we collect, • How we collect it, and • What we do with it. In current turbulent times, these privacy obligations are about ethics as well as law.
- 4. Principles • Purpose limitation Data can be collected and used only for those purposes that have been transmitted to the data subject and about which the consent was received. Purpose must be “specified, explicit and legitimate” • Data minimization Personal data to be collected should be “adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed”. • Accuracy Personal data must be “accurate and where necessary kept up to date”. You must make sure that you do not retain old and outdated contacts and ensure the erasure of inaccurate personal data without delay • Storage limitations Company would have to set the retention period for personal data you collect and justify that this period is necessary for your specific objectives • Integrity and confidentiality The principle of integrity and confidentiality requires you to handle personal data “in a manner [ensuring] appropriate security”, which include “protection against unlawful processing or accidental loss, destruction or damage”.
- 5. Principles • "Implement anonymization or pseudonymization into the systems. • Data anonymization is a type of information sanitization whose intent is privacy protection. It is the process of removing personally identifiable information from data sets, so that the people whom the data describe remain anonymous. • Pseudonymization is a data management and de-identification procedure by which personally identifiable information fields within a data record are replaced by one or more artificial identifiers, or pseudonyms." • Accountability Company is responsible for compliance with the principles of the GDPR. It requires a thorough documentation of all policies that govern the collection and procession of data.
- 6. Web Developer Role • Web developers have a major role to play here. After all, healthy data protection practice is as much about the development side — code, data, and security — as it is about the business side of process, information, and strategy. • Below, we’ll explore what you, as a developer, need to know about the new data protection regime.
- 7. What Is Personal Data? This is defined as “any information relating to an identified or identifiable natural person.” This can be one piece of information or multiple data points combined to create a record. Beyond personal data there is also sensitive personal data, defined as information about a person’s: • Racial or ethnic origin • Political opinions • Religious or philosophical beliefs • Trade union membership • Health data • Sex life or sexual orientation • Past or spent criminal convictions
- 8. What Is Personal Data? GDPR expands the definition of personal data to include: • Genetic data • Biometric data (such as facial recognition or fingerprint logins) • Location data • Income • Online identifiers • IP addresses • Mobile device IDs • Browser fingerprints • RFID tags • MAC addresses • Cookies • Telemetry • User account IDs
- 9. Privacy By Design The Privacy by Design framework has seven foundational principles: • Privacy must be proactive, not reactive, and must anticipate privacy issues before they reach the user. Privacy must also be preventative, not remedial. • Privacy must be the default setting. The user should not have to take actions to secure their privacy, and consent for data sharing should not be assumed. • Privacy must be embedded into design. It must be a core function of the product or service, not an add-on. • Privacy must be positive sum and should avoid dichotomies. For example, PbD sees an achievable balance between privacy and security, not a zero-sum game of privacy or security. • Privacy must offer end-to-end lifecycle protection of user data. This means engaging in proper data minimization, retention and deletion processes. • Privacy standards must be visible, transparent, open, documented and independently verifiable. Your processes, in other words, must stand up to external scrutiny. • Privacy must be user-centric. This means giving users granular privacy options, maximized privacy defaults, detailed privacy information notices, user-friendly options and clear notification of changes
- 10. What are cookies • Cookies are small text files that websites place on your device as you are browsing. They are processed and stored by your web browser. Cookies can also generally be easily viewed and deleted. • Cookies can store a wealth of data, enough to potentially identify you without your consent. Cookies are the primary tool that advertisers use to track your online activity so that they can target you with highly specific ads. Types of Cookies: • Session cookies – These cookies are temporary and expire once you close your browser (or once your session ends) • Persistent cookies — This category encompasses all cookies that remain on your hard drive until you erase them, or your browser does, depending on the cookie’s expiration date. All persistent cookies have an expiration date written into their code, but their duration can vary. According to the ePrivacy Directive, they should not last longer than 12 months
- 11. What are cookies Cookie GDPR compliance: • Receive users’ consent before you use any cookies except strictly necessary cookies. • Provide accurate and specific information about the data each cookie tracks and its purpose in plain language before consent is received. • Document and store consent received from users. • Allow users to access your service even if they refuse to allow the use of certain cookies • Make it as easy for users to withdraw their consent as it was for them to give their consent in the first place
- 12. What is a privacy notice? • A privacy notice is a public document from an organization that explains how that organization processes personal data and how it applies data protection principles. GDPR provide detailed instructions on how to create a privacy notice, placing an emphasis on making them easy to understand and accessible. If you are collecting data directly from someone, you have to provide them with your privacy notice at the moment you do so. • The terms “privacy notice” and “privacy policy” are interchangeable
- 13. Thank You! For any queries connect me at jatinkochhar@hotmail.com