Data 4.0 (Part 4)
prev: Data 4.0 (Part 3)
Greetings to all of you, and to myself again!
As promised, this is a brief article on ‘GDPR’.
GDPR (General Data Protection Regulation)
GDPR is a legal framework written in 2016 that took effect in 2018. Its main purpose is to protect and secure customers’ confidential data and privacy.
3 Roles in the process
GDPR divides the people involved in data processing into 3 groups:
- Data subject
That is us, the data owner.
- Data controller
The party that defines the objectives, methods, solutions, etc. for handling the data owners’ data, with their CONSENT.
- Data processor
The workforce that processes, analyses, records, and stores the data from owners under the rules and regulations defined by the data controller.
3 Areas of Effect of GDPR
GDPR must be applied when any of these 3 conditions is met:
- The data processor’s or data controller’s establishments are in Europe
- The business serves citizens in Europe (goods or services offered in Europe)
- The procedures relate to transactions in Europe or in other regions that have legal agreements with Europe
Consent alignments
As mentioned before, consent is needed for the process as the expression of the data owners’ will. Consent must satisfy the following:
- Freely given
Data owners decide for themselves whether or not to give their data, without any negative consequences if they don’t.
- Specific
There must be specific objectives for the process.
- Informed
Data owners have to be made aware of the process.
- Unambiguous
Consent must be given by a clear, affirmative act that can be proven, e.g. the data owner’s fingerprint.
Privacy by design
GDPR does not define design theories. However, there are 7 fundamental design principles:
- Proactive not reactive
Data controllers must design the process to prevent incidents in the first place.
- Privacy by default
Privacy settings must be enabled automatically and by default. When the conditions of data usage are unclear, the highest setting level must be applied.
- Privacy embedded
Data controllers must treat privacy as part of the infrastructure, not as an add-on.
- Full functionality
Privacy settings must not block the system and its functions.
- End-to-end security
The design supports security throughout the whole process.
- Visibility & transparency
The process must be transparent to all parties involved, i.e. users, providers, or stakeholders.
- User-centric
Prioritise users and their privacy.
Yeah, we have finished the GDPR lesson. Next, we go to the Thai version, which we call PDPA. Stay tuned! 😸
next: Data 4.0 (Part 5)