What is GDPR?

Understanding GDPR

Shalini Kurapati, CIPP/E

Co-founder, Clearbox AI

GDPR scope

Illustration of a partial map of Europe. Next to the map is a picture of a lock bearing the EU flag. The illustration has a background filled with 0s and 1s depicting data.

Covers people and companies in the EU
Global scope: Data of EU citizens
Personal data:
- processed by automated means
- manual: part of a filing system
Belongs to natural persons/ data subjects

Personal data under GDPR

Illustration showing the id badge of with a head-shot of a man wearing a suit and glasses.

Identified or identifiable: directly or indirectly
Natural person or the data subject
Names, photos, SSN, and unique ids etc.
Cultural identity, socio-economic status etc.
Special categories

¹ GDPR text: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (http://data.europa.eu/eli/reg/2016/679/oj)

Special categories

Highly sensitive data
Types:
- Health, biometric data
- Sexuality and sexual orientation
- Criminal records
- Religious beliefs, political affiliations, union memberships
- Vulnerable groups, children under 13
Special considerations including additional obligations

Data processing

A illustration representing personal data processing. It shows several people connected through digital channels connected to a cloud.

Activities include: Collection, organization, analysis, storage, sharing, retrieval, erasure, and many more.

Examples include:

Video recording/CCTV cameras
Sharing or selling personal data
Payroll/HR
Accessing databases
Shredding

¹ Documenting data processing:The EDPS guide to ensuring accountability, doi:10.2804/717377

What the law says

Don't process personal data
Unless you have a legal basis (Article 6)
Follow GDPR principles (Article 5)
Ensure data subject rights (chapter III, articles 12-21)
Sensitive data: extra measures
Data Protection Impact Assessment
Don't worry; we will clarify these articles in chapter 2

¹ GDPR: Regulation (EU) 2016/679 http://data.europa.eu/eli/reg/2016/679/oj

GDPR fines

Illustration with a gavel next to law books and a set of balance scales representing judgement

Fines are deterrents for non-compliance
Up to €20,000,000 or 4% of turnover, whichever is higher
Roles, responsibilities and enforcement

Let's practice!

Understanding GDPR