
An Introduction to the GDPR (v2)
Author(s) - Andrew Cormack
Publication year - 2021
Language(s) - English
DOI - 10.55621/idpro.11
Subject(s) - confidentiality, accountability, obligation, transparency (behavior), business, data protection act 1998, internet privacy, general data protection regulation, scope (computer science), computer security, law and economics, political science, computer science, law, economics, programming language
The General Data Protection Regulation (GDPR) applies to any processing (including collection, storage, or sharing) of data relating to identifiable (including by serial numbers, IP addresses, etc.) individuals who are physically in Europe. This scope may well cover international or online Identity and Access Management (IAM) activities, as well as all IAM activities actually conducted in Europe. All such processing must conform to seven principles: lawfulness, fairness & transparency; purpose limitation; data minimisation; accuracy; storage limitation; integrity & confidentiality; accountability. Individuals have rights of information; subject access; rectification, erasure & restriction. Processing must be for one of six legal bases: contract, legal obligation, vital interests, public interests, legitimate interests, or consent. Each basis has its own requirements; some confer additional rights on individuals.