Your Guide to GDPR Compliant Data Collection and Processing in 2022

Figure 1: CCTV footage blurring

GDPR Requirements: What do you need to know?

  • Basis and transparency: where companies provide details on why data collection and processing is taking place, transparency on the type of data that is being collected, and details on who has access to the data files.
  • Data security: implementation of data privacy by default and by design protocol, where data protection is taken into account from the initial stage of product development, and consistently at each step in the data processing. Organizations must ensure that personal information is encrypted, anonymized, and cannot be traced to an individual without their consent.
  • Accountability and governance: where an organization is transparent about the actions taken to ensure the privacy of the data and has a plan for how the data will be discarded once the purpose of collection has been fulfilled. Organizations must ensure that they keep records of all the above-mentioned steps in order to be able to demonstrate to an auditor that the organization meets the GDPR requirements.
  • Individual privacy rights: finally, one of the most crucial points of action that organizations need to implement: organizations must always uphold the individual’s rights to their personal data. This includes the right of the individual to be informed about their data being captured and processed, the right to access the data, the right to the rectification and erasure of the data, and the obligation of organizations to notify the individual about the erasure of their data.
  1. The organization is a public authority, whereby personal data is processed by that public authority, with an exemption for courts and independent judicial authorities.
  2. The organization regularly handles large-scale data, where the processing of individual data is the main activity for the organization to achieve its goals.
  3. The organization handles large-scale data from special data categories; this includes an individual’s race or ethnicity, political and religious beliefs, health data, and sexual orientation.

Personal information: What is it and how can you protect it

Figure 2: blurring street view camera footage

  • An organization can proactively ask for consent from all data subjects before collecting data.
  • An organization can delete any personal information it finds in its database.
  • An organization can anonymize all data that contains personal information from the database.

Consequences: What happens if an organization is found to be non-compliant?

Source: https://dataprivacymanager.net/how-to-calculate-gdpr-fines-general-data-protection-regulation-criteria-for-fines/

NavInfo Europe’s GDPR Compliance Package

Figure 3: data management process for GDPR compliance


Helping companies power their future with intelligent solutions in AI, Simulation, Map Data Services, and Cybersecurity.

NavInfo Europe
