Risk Management Framework

GDPR

General Data Protection Regulation (GDPR) provides a security framework around how personal data is collected stored, handled, and processed. While GDPR originated in the EU, it applies to any enterprise that comes in contact with personal data of any EU citizen or resident.

Framework Summary

According to the GDPR website, there are seven data protection principles that organizations must follow:

  1. Lawfulness, fairness and transparency — Processing must be lawful, fair, and transparent to the data subject.
  2. Purpose limitation — You must process data for the legitimate purposes specified explicitly to the data subject when you collected it.
  3. Data minimization — You should collect and process only as much data as absolutely necessary for the purposes specified.
  4. Accuracy — You must keep personal data accurate and up to date.
  5. Storage limitation — You may only store personally identifying data for as long as necessary for the specified purpose.
  6. Integrity and confidentiality — Processing must be done in such a way as to ensure appropriate security, integrity, and confidentiality (e.g. by using encryption).
  7. Accountability — The data controller is responsible for being able to demonstrate GDPR compliance with all of these principles.

Free Discovery Session

Have a quick question?
Email us: cybersecurity@mindpointgroup.com
Give us a call: (703) 636-2033 Option 2