Key components of GDPR

Question 1

Harmonization across and beyond the EU

Answer 1

Making it simpler and cheaper for organizations to do business across the Union

Question 2

The Regulation separates responsibilities and

duties of data controllers and processors

Answer 2

obligate controllers to engage only those processors that provide “sufficient guarantees to implement appropriate technical and organisational measures” to meet the Regulation’s requirements and protect data subjects’ rights.

Question 3

regulation suggestion for appropriate securities

Answer 3

1. pseudonymization and/or encryption of personal data
2. ensure CIA, & Resilience of systems & services processing personal data
3. restore the availability and access to data in a timely manner in an event of an incident
4. a process for regularly testing, assessing, & evaluating the effectiveness of technical & organizational measures for ensuring the security of the processing

Question 4

Regulators now have the authority to issue fines for violations of record-keeping, security, breach notification, & privacy impact assessment obligations

Answer 4

10 million Euros or 2% of your global revenue

Question 5

GDPR violation, related to the legal justification for processing (cross data transfers, data subject rights)

Answer 5

20 mil Euro or 4% of global revenue

Question 6

breach notification

Answer 6

not later than 72 hours