The GDPR has introduced tighter controls on the security of personal data and the ability to move it around the globe.
A key principle of the regulation is that personal data is processed securely by means of appropriate technical and organisational measures; this is the ‘security principle’. Doing this requires organisations to consider things like risk analysis, organisational policies, and physical and technical measures. They should also take into account additional requirements about the security of their processing, which also apply to data processors.
There is now a duty on all organisations to report certain types of data breach to the authorities and in some cases to the individuals affected. A personal data breach means a breach of security leading to the destruction, loss, alteration, unauthorised disclosure of, or access to, personal data.
The GDPR imposes restrictions on the transfer of personal data outside the European Union, to third countries or international organisations, in order to ensure that the level of protection of individuals afforded by the GDPR is not undermined.
Member States can introduce exemptions from the GDPR’s transparency obligations and individual rights, but only where the restriction respects the essence of the individual’s fundamental rights and freedoms and is a necessary and proportionate measure in a democratic society to safeguard against defined events.
Solvassure. Compliance Technology.