Insights > Blog

The Three Key Domains of the GDPR Explained

There are three keys areas organisations should know about concerning the EU GDPR legislation. GDPR focuses on the core areas of data governance, data management, and data transparency.

In this blog, we will review the three key GDPR domains will aim to protect individuals and enforce tougher measures on organisations that handle personal data.

DATA GOVERNANCE

Data governance is how data controllers exercise their control and compliance over their data assets. This area is important to ensure you are maintaining compliance while navigating GDPR.

Breach Notification: Any data breaches an organisation may encounter must be communicated within 72 hours and to any affected data subjects and the ‘controllers’ of the data without undue delay if the breach may result in a high risk to rights and freedoms.
Privacy by Design: With this provision, businesses must begin to consider the nature of data privacy at the onset of starting a project as well as throughout the data processing lifecycle. A company will need to design for privacy during any data control or processing phase.
Vendor Management: Vendors and third parties will face the regulatory scrutiny of GDPR as well. Any processor or controller of data must keep details records of any processing activities done with data.

Take a look at this NEW infographic on how you can prepare for the EU GDPR.

DATA MANAGEMENT

Data management is how data controllers and processors will handle the processing activities. It’s important that the data is managed to GDPR compliance in the following areas.

Data Erasure (the right to be forgotten): Individuals can now request the deletion of personal data even if the data is public. In addition, individuals may also request that personal data not be processed in particular circumstances which can be found here.
Data Processing: Organisations must maintain internal records of all data processing activities under GDPR. The information recorded will need to include the name and details of your organisation, purposes of the data processing, description of categories of individuals and personal data, recipients of personal data, the details of data transfers, and data retention schedules. Organisations may want to consider automated cryptographic protection controls for transparent automatic email and attachment encryption.
Data Transfers: Under GDPR, businesses will be prohibited from transferring data from outside the EU to a third country that does not have adequate data protection laws. The European Commission approves countries with “satisfactory” data protection laws and maintains a list of “approved countries” here.
Data Protection Officer (DPO): Any data controller processing more than 5000 data subject records in a 12-month period are required to have a Data Protection Officer. A DPO will monitor your GPDR compliance and conduct data protection assessments as well as train staff on overall policies. A DPO can support one company or a group of companies or a group of public authorities under GPDR. Your DPO must have the necessary skill sets to advise the organisation and employees to comply with GPDR and other data protection laws. It’s worth noting, an organisation does not need to hire new personnel to fill the DPO, they simply need to have a qualified and authorised individual assigned to the role as DPO.

Interested in GDPR Assessment and Consulting? Learn more about CIPHER’s GDPR Services.

DATA TRANSPARENCY

Data subjects will have additional rights under GDPR. Data controllers will need to be mindful of the following areas under GDPR.

Consent: Organisations that are processing personal data must be able to demonstrate that the person with whom the data relates to has given their consent to use that data. Individuals also have the right to withdraw their consent at any time, and the company must make it easy for an individual to withdraw their consent.
Data Portability: Under GDPR, data subjects in the EU can obtain a copy of the data from the service provider and request to take their data. Under GDPR, data subjects will be able to move, copy or transfer data easily from one service provider to another without hindrance to usability.
Privacy Policies: Companies must provide disclosures about data processing to data subjects, and the rights of customers must be easily interpretable and easily accessible.

It is critical for organisations to prepare for the implementation of the EU GDPR with a thorough and planned procedure. GDPR impacts the technology, people, and processes required to address the readiness of data privacy. You will need to start planning for your customized approach to GDPR compliance as early as possible, ensuring consistency throughout your organisation.

Did you enjoy this blog article? Comment below with your feedback.

0 Comments

Submit a Comment Cancel reply

GET EMAIL UPDATES

Information Security Maturity Self-Assessment Survey

Learn More

• Whitepapers
• E-books
• Checklists
• Self-Assessments
• Webcasts
• Infographics

Cookie	Duration	Description
__cfruid	session	Cloudflare sets this cookie to identify trusted web traffic.
__hssrc	session	This cookie is set by Hubspot whenever it changes the session cookie. The __hssrc cookie set to 1 indicates that the user has restarted the browser, and if the cookie does not exist, it is assumed to be a new session.
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
__cf_bm	30 minutes	This cookie, set by Cloudflare, is used to support Cloudflare Bot Management.
__hssc	30 minutes	HubSpot sets this cookie to keep track of sessions and to determine if HubSpot should increment the session number and timestamps in the __hstc cookie.
bcookie	2 years	LinkedIn sets this cookie from LinkedIn share buttons and ad tags to recognize browser ID.
lang	session	This cookie is used to store the language preferences of a user to serve up content in that stored language the next time user visit the website.
lidc	1 day	LinkedIn sets the lidc cookie to facilitate data center selection.

Cookie	Duration	Description
__hstc	1 year 24 days	This is the main cookie set by Hubspot, for tracking visitors. It contains the domain, initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session).
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gat_gtag_UA_86671402_1	1 minute	This cookie is set by Google and is used to distinguish users.
_gcl_au	3 months	Provided by Google Tag Manager to experiment advertisement efficiency of websites using their services.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
ajs_anonymous_id	never	This cookie is set by Segment.io to check the number of ew and returning visitors to the website.
ajs_user_id	never	The cookie is set by Segment.io and is used to analyze how you use the website
CONSENT	16 years 3 months 14 days 7 hours	These cookies are set via embedded youtube-videos. They register anonymous statistical data on for example how many times the video is displayed and what settings are used for playback.No sensitive data is collected unless you log in to your google account, in that case your choices are linked with your account, for example if you click “like” on a video.
hubspotutk	1 year 24 days	This cookie is used by HubSpot to keep track of the visitors to the website. This cookie is passed to Hubspot on form submission and used when deduplicating contacts.

Cookie	Duration	Description
bscookie	2 years	This cookie is a browser ID cookie set by Linked share Buttons and ad tags.
driftt_aid	2 years	The driftt_aid cookie is an anonymous identifier token set by Drift.com for tracking purposes and helps to tie the visitor onto the website. The cookie also allows Drift to remember the information provided by the site visitor, through the chat on successive site visits.
IDE	1 year 24 days	Google DoubleClick IDE cookies are used to store information about how the user uses the website to present them with relevant ads and according to the user profile.
test_cookie	15 minutes	The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.

Cookie	Duration	Description
ajs_group_id	never	This cookie is set by Segment.io. The purpose of the cookie is currently not identified.
AnalyticsSyncHistory	1 month	No description
debug	never	No description available.
drift_aid	2 years	No description
drift_campaign_refresh	30 minutes	No description available.
li_gc	2 years	No description
UserMatchHistory	1 month	Linkedin - Used to track visitors on multiple websites, in order to present relevant advertisement based on the visitor's preferences.

Insights > Blog

The Three Key Domains of the GDPR Explained

DATA GOVERNANCE

DATA MANAGEMENT

DATA TRANSPARENCY

Did you enjoy this blog article? Comment below with your feedback.

0 Comments

Submit a Comment Cancel reply

GET EMAIL UPDATES

Information Security Maturity Self-Assessment Survey

Learn More

Social Media

LinkedIn

Powered by Juicer

View on LinkedIn

Social Media

Twitter

Twitter feed is not available at the moment.

Social Media

Facebook

Insights

Whitepaper

Dig into the details of cybersecurity and regulations by reading our exclusive white papers. Each paper is written by an expert at Cipher and full of insight and advice.

Learn more