The General Data Protection Regulation
The General Data Protection Regulation (GDPR) is a European Union law governing the protection of personal data and data privacy in the European Union (EU) and the European Economic Area (EEA) (Wolford, 2021). Although the regulation was passed by the European Union, it imposes obligations on organizations anywhere in the world as long as they process the data of persons within the European Union. The transfer of personal data outside the EU and EEA is among the key areas addressed by the GDPR (Wolford, 2021). The main aim of the GDPR is to give individuals control over their personal data and to ensure uniform data protection rules within the European Union. The regulation is the toughest data privacy and cybersecurity law in the world. Organizations and individuals who violate the privacy and security standards of the GDPR are liable to harsh fines and penalties, reaching tens of millions of euros (Wolford, 2021). By enacting the GDPR, Europe is sending a firm signal about data privacy and security following the increase in the use of the internet and cloud storage services, which exposes personal data to malicious individuals.
Need for GDPR
The General Data Protection Regulation is important because it clearly states what companies that process the personal data of individuals within Europe must do to protect the rights of their data subjects. Following the data revolution of recent years, the number of organizations worldwide that process personal data on a regular basis has grown. Thus, stringent regulations are needed to direct how these organizations use personal data and to spell out the consequences of non-compliance. The GDPR regulates enterprises on data security and personal data protection matters and allows massive penalties for organizations that violate data privacy principles (iCaaS, 2019). As such, organizations that process personal data are kept in check, and the data they hold is protected.
Currently, most organizations rely on customer data, such as search histories and transactions, to determine customers' interests and preferences and to inform marketing. With this increase in the use of personal data at the organizational level, there has been a surge in incidents of data misuse by some organizations (iCaaS, 2019). There have also been cases of individuals with malicious intent exploiting weaknesses in organizations' computer systems to access personal data and using that data to harm the subjects. The GDPR encourages the implementation of new data management structures at the organizational level, improving organizations' ability to protect personal data.
GDPR's Key Principles
Organizations that process personal data are expected to do so according to the seven GDPR principles of protection and accountability discussed below:
Lawfulness, fairness, and transparency
Lawfulness requires that all data operations, including collection, storage, and processing, meet the requirements set out in the GDPR. Under fairness, the use of personal data must match the description given to the subject (Kulakova, 2021). Fairness requires that data subjects know exactly how their data is used.
Purpose limitation
Under this principle, personal data must only be used for the purposes that the subject has authorized.
Data minimization
Data minimization requires organizations to collect only the minimum data necessary for their stated purpose and no additional information.
Accuracy
Personal data must be accurate and kept up to date. Organizations are required to update personal data and erase inaccurate and outdated data.
Storage limitation
Under storage limitation, personal data should be erased without delay as soon as the organization has fulfilled the purpose for which it was collected.
Integrity and confidentiality
The integrity and confidentiality principle requires that personal data be protected from unlawful processing or accidental loss, destruction, or damage.
Accountability
An organization is responsible for ensuring that the personal data it collects is protected (Kulakova, 2021). Every step of data management must be formally documented, and compliance must be demonstrated when requested by the supervisory authority.
An Organization That Violated the GDPR
Since the GDPR took effect, EU authorities have fined companies over 370 million euros, with a few notable companies contributing a large share. In July 2019, it was reported that British Airways faced a $230 million fine following a 2018 GDPR data breach (Keane, 2019). According to the regulators, 500,000 people were affected by this breach. British Airways initially reported that the breach occurred between August and September 2018, affecting 380,000 card payments. Later, it added that 185,000 people who made bookings between April and July were also affected (Keane, 2019). In the breach, visitors to the British Airways website were redirected to a fraudulent site where personal details, including name, billing address, email, and payment information, were collected. The breach violated the integrity and confidentiality of customers' data. Under the GDPR, personal data must be protected from unlawful processing or accidental loss, a principle that British Airways failed to uphold.
EU’s GDPR vs. US Data Protection Laws
Both the GDPR and US data protection laws aim to ensure that organizations that collect, store, and process personal data take responsibility for protecting it. The principles that guide data protection in both regimes are aimed at ensuring the responsible use of personal data. Both the EU's GDPR and the US data protection laws give individuals control over their personal data and determine how the data can be used. However, the United States has opted for a different approach to data protection, relying on sector-specific regulations instead of the EU's all-encompassing GDPR (Coos, 2018). For instance, the Health Insurance Portability and Accountability Act (HIPAA) is a set of standards aimed at securing protected health information. Similarly, the Federal Information Security Management Act (FISMA) is a federal regulation that requires every federal agency to develop, document, and implement an information protection program (Coos, 2018). Other data protection regulations in the United States include NIST 800-171 for protecting controlled unclassified information and the Gramm-Leach-Bliley Act for protecting the personal information held by financial institutions.
References
Coos, A. (2018). EU vs the US: What Are the Differences Between Their Data Privacy Laws? Retrieved 10 February 2021, from https://www.endpointprotector.com/blog/EU-vs-us-how-do-their-data-protection-regulations-square-off/#:~:text=The%20United%20States%20has%20opted,to%20safeguard%20American%20citizens’%20data.
iCaaS. (2019). Why is GDPR Important? Retrieved 10 February 2021, from https://myicaas.com/gdpr/why-is-gdpr-important/#:~:text=GDPR%20is%20important%20because%20it,comply%20by%20the%20new%20GDPR.
Keane, S. (2019). British Airways faces $230M GDPR fine for 2018 data breach. Retrieved 10 February 2021, from https://www.cnet.com/news/british-airways-faces-record-breaking-230m-gdpr-fine-for-2018-data-breach/
Kulakova, G. (2021). 7 principles of the GDPR and what they mean. Retrieved 10 February 2021, from https://www.amara-marketing.com/travel-blog/7-principles-of-the-gdpr-and-what-they-mean
Wolford, B. (2021). What is GDPR, the EU’s new data protection law? – GDPR.eu. Retrieved 10 February 2021, from https://gdpr.eu/what-is-gdpr/#:~:text=The%20General%20Data%20Protection%20Regulation,to%20people%20in%20the%20EU.
Question
Requirements
Some countries have implemented measures to protect the privacy of their citizens. In this assignment, you will examine the General Data Protection Regulation (GDPR) implemented in the European Union to enforce privacy laws. You will then compare these regulations to their U.S. counterparts.
Specifically, in a 3–4-page paper you will:
1. Define the GDPR.
2. Justify the need for the GDPR.
3. Review the GDPR’s key principles.
4. Research an organization that violated the GDPR.
5. Describe the specifics of the violation, including the violator, the GDPR principles that were violated, the impact on consumers, and the remedy that was applied.
6. Compare and contrast an existing U.S. initiative that protects citizens’ privacy with the GDPR.
7. Go to Basic Search: Strayer University Online Library to locate and integrate into the assignment at least three quality, peer-reviewed academic resources written within the past five years.
Include your textbook as one of your resources.
Wikipedia and similar Websites do not qualify as quality resources.