GDPR and its Key Aspects

What is GDPR?


The Seven Principles

  • Lawfulness, fairness, and transparency
  • Purpose limitation
  • Data minimization
  • Accuracy
  • Storage limitation
  • Integrity and confidentiality (security)
  • Accountability

Actors in GDPR

  • Controller: Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data
  • Processor: Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller
  • Data Subject: A data subject is any person whose personal data is being collected, held, or processed.

Regulatory Bodies in GDPR

  • Data Protection Officer: Data Protection Officer is a responsible leadership role required by GDPR which shall be designated on the basis of professional qualities and, in particular, expert knowledge of data protection law and practices. The DPO is responsible to inform and advise the organization and its employees of their data protection obligations under the GDPR and to monitor the organization’s compliance with GDPR and internal data protection policies and procedures.
  • Supervisory Authority: Under GDPR, a Supervisory Authority is an autonomous public authority that is responsible for monitoring compliance for GDPR, helping associations become consistent with GDPR, and ensuring compliance and conducting investigations. The supervisory authority is the body that must be advised in case of a data breach.

What are the things that make GDPR completely unique regulation in the domain of data protection?

  1. As I already mentioned above, the Data Protection Officer mandate plays a very important role in defining the uniqueness of GDPR. It is compliant in GDPR that the Controller and the Processor shall ensure that the DPO is involved properly and in a timely manner, in all issues which relate to the protection of personal data.
  2. Plenty of individual rights also adds up to the uniqueness of GDPR. The framework gives an ample amount of right to individuals like Right to Erasure (Right to be Forgotten), Right to lodge a complaint with a supervisory authority, Right to compensation and Liability and many more!
  3. Breach Closure Mandate, The Article 33 ‘Notification of a personal data breach to the supervisory authority’ states that “In the case of a personal data breach, the controller shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the supervisory authority”
  4. Talking about the processing of the personal data, it shall be lawful only if the data subject has given consent to the processing of his or her personal data for one or more specific purposes.

What are the GDPR fines and penalties for non-compliance?



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Aditya Gaur

CCSK | AWS & Azure Certified Cloud Practitioner | ISO Certified ISMS & PIMS Auditor