Data Privacy Flashcards
What is Data Privacy?
Data privacy refers to an individual’s right to control how their personal information is collected, used, and shared while ensuring compliance with legal regulations.
What is GDPR?
The General Data Protection Regulation (GDPR) is an EU law that establishes guidelines for data protection and privacy, enforcing strict accountability on organizations handling personal data.
What are the seven principles of GDPR?
- Lawfulness, Fairness & Transparency
- Purpose Limitation
- Data Minimization
- Accuracy
- Storage Limitation
- Integrity & Confidentiality
- Accountability
How does GDPR benefit individuals?
Empowers users with control over personal data.
Protects against identity theft and unauthorized access.
Increases transparency in data collection and processing.
How does GDPR benefit organizations?
Encourages customer trust and brand loyalty.
Reduces the risk of data breaches and legal liabilities.
Improves operational efficiency through data minimization.
How does GDPR benefit society?
Establishes a universal data protection framework.
Encourages ethical and secure data practices.
Enhances trust in the digital economy.
What industries must comply with GDPR?
Healthcare: Protects sensitive patient data under GDPR, HIPAA (U.S.), and PHIPA (Canada).
Financial Services: Implements encryption, multi-factor authentication, and fraud detection.
Social Media: Regulates data collection and advertising practices (e.g., Facebook-Cambridge Analytica scandal).
What are key GDPR compliance strategies?
End-to-End Encryption: Protects data in transit and in storage.
Multi-Factor Authentication (MFA): Adds security layers to login processes.
Automated Fraud Detection: Uses AI to detect suspicious transactions.
Data Processing Agreements (DPA): Ensures third-party vendors meet compliance standards.
What are competing data privacy regulations?
PIPEDA (Canada): Covers private sector data protection but is less strict than GDPR.
CCPA (California): Grants consumers rights to access, delete, and opt out of data sales, but lacks GDPR’s strict enforcement.
U.S. Federal Approach: Lacks a nationwide data privacy law, relying on state-level regulations.
What are the biggest challenges of GDPR compliance?
Complex legal requirements: Organizations struggle with varying interpretations.
High costs: Compliance implementation can be expensive.
Third-party risks: Vendors handling personal data must also be GDPR compliant.
Cybersecurity threats: AI and quantum computing pose evolving risks.
What are ethical concerns in data privacy?
Algorithmic biases: AI-driven decisions may reinforce inequalities.
Surveillance risks: Data collection raises concerns over misuse.
Consumer rights: Ensuring individuals can access, modify, or delete their data.
Corporate accountability: Transparency in data handling and usage.
What is the future of data privacy and GDPR?
GDPR 2.0: Stricter regulations for AI-driven data processing.
Post-Quantum Cryptography: Strengthening encryption against future threats.
Harmonized Global Standards: Increased international collaboration on privacy laws.