General Data Protection Regulation (GDPR)
In force since May 25th, 2018, the GDPR sets stricter data protection laws and regulations throughout the EU. It greatly increases the burden on data controllers, holding the employer entirely responsible for data breaches and any issues that may occur.
What is personal data?
The simple answer is that it’s anything that can be used to identify you. The loss of this information can lead to identity theft.
The EU General Data Protection Regulation (GDPR) defines personal data as “any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.
Types of personal data include names, addresses, phone numbers, email addresses, birthdates, bank account numbers and credit card numbers, among others. The list continues to grow with new and revised legislation and court rulings.
Other personal data includes health information, medical records, vehicle identification numbers, license plate numbers, login credentials and passwords, education records as well as voice recognition files, fingerprints, retina scans, and handprints.
What is the difference between PCI and personal data?
PCI data (payment card industry data) is just one type of personal data. The PCI Data Security Standard (PCI DSS) protects credit cardholder data such as debit or credit card number, expiration date and card security code.
What is a personal data breach?
A personal data breach is defined in the GDPR as a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.
What are some examples of a breach?
A breach can occur in many ways, including through lost laptops or smartphones, loss or improper disposal of paper records, intrusion into your network or PC by hackers, and theft. The definition continues to expand.
How can I limit the threat of a data breach?
Almost everyone can do more to protect personal data. CSR Readiness® helps you assess your risk in handling personal data, remediate your processes, implement policies, train staff, and continue to monitor and audit, as required by laws and regulations.