The General Data Protection Regulation (GDPR) is a regulation on the protection of personal data adopted by the European Union on May 25, 2018.
The document applies to all companies that work with the personal data of EU citizens.
Personal data
According to GDPR, personal data includes general data, physical parameters of a citizen (gender, skin color, height, etc.), online data (IP address, e-mail, accounts, etc.), information about bank accounts, property and vehicles.
In case of violation, the controller is subject to a fine in accordance with the requirements of the regulation. The GDPR also provides for other types of punishment for violations of the rules: for example, a ban (temporary or lifelong) on the processing of personal data, or a warning.
Terms of the regulations
Confidential data is processed by organizations in accordance with the following GDPR provisions:
- Legality. In order to process and store personal data, the company must have the appropriate legal documents. This confirms the legality of transactions with confidential information.
- Approval. The participant whose personal data will be processed must be notified of this fact and express his consent. Otherwise, it will be considered a violation of the rules.
For minors (persons under the age of 16), the regulation requires that consent to the processing of personal data be obtained from the child's legal representatives.
- Criminals. If the participant is a person associated with criminal prosecution, then the processing of his data is carried out only under the control of a special organization.
- Optional identification. If the processing or storage of data does not require unambiguous identification of a citizen, then the company is not obliged to store or transfer the participant’s personal data.
It is prohibited to process confidential information that discloses that the participant belongs to a certain race or gender, as well as biometric or genetic data.
The General Data Protection Regulation has established new rules for processing and storing confidential information for companies that offer online services. In case of violations of the rules, an appropriate punishment is provided, up to a lifetime ban on the company’s activities in the field of personal data processing.