Why regulations such as GDPR are valuable to adhere to, even if you are not mandated to follow them.
- The term "privacy" denotes a socially defined ability of an individual (or organization) to determine whether, when, and to whom personal (or organizational) information is to be released.
- The term "security" describes techniques that control who may use or modify the computer or the information contained in it.
- The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU). It also addresses the export of personal data outside the EU. The primary objectives of the GDPR are to give control back to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU. When the GDPR takes effect, it will replace the data protection directive (officially Directive 95/46/EC) from 1995. The regulation was adopted on 27 April 2016. It becomes enforceable from 25 May 2018 after a two-year transition period and, unlike a directive, it does not require any enabling legislation to be passed by national governments and is thus directly binding and applicable.
Privacy by Design

Privacy by design (PbD) is a framework described by Dr. Ann Cavoukian, who promoted the concept while acting as the Information and Privacy Commissioner in Ontario, Canada, and who is an advocate of default online privacy. She is currently the Executive Director of the Privacy and Big Data Institute at Ryerson University.

PbD, a framework that has been around since the 90s, evangelizes a user-centric (openness and transparency) approach to privacy by keeping the user and their data at the center of all things important. It theorizes 7 foundational principles to control the effects of information and communication technologies. They are: