Data privacy is the sector of information technology that deals with the ability of an organization or individual to determine what data in a computer system can be shared with third parties. It also deals with establishing parameters and protocols for keeping sensitive information safe. In the United States, legislation concerning data policy has been enacted in a sectoral manner, meaning that each law has been created in response to the specific needs of a particular industry or section of the population. Technology is moving so fast that it is difficult for the law to keep up. It is paramount for an attorney in this space to keep educating themselves on evolving issues in data privacy and cyber security.
The EU General Data Protection Regulation (GDPR) was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens' data privacy, and to reshape the way organizations across the region approach data privacy. The GDPR aims to give citizens and residents control over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the European Union. The GDPR states that business processes that handle personal data have to be built with data protection by design and by default. This means that personal data must be stored using pseudonymization or full anonymization, and that the highest possible privacy settings must be used by default, so that the data is not available publicly without informed consent. Under this regulation, no personal data may be processed unless it is done under a lawful basis specified within the regulation or the data controller has received an individualized affirmation of consent from the data subject. The data subject may revoke this consent at any time.
Bolimini International will take a deeper dive into the GDPR in a later post. Stay tuned!