Greetings, everyone, it is me again!

As promised, this is a brief article on the GDPR.

GDPR (General Data Protection Regulation)

GDPR is a European Union regulation adopted in 2016 and enforceable since 25 May 2018. Its main purpose is to protect the personal data and privacy of individuals (not only paying customers, but anyone whose personal data is processed).

3 Roles in the process

GDPR defines three roles for the people and organisations involved in processing personal data:

  • Data subject
    The individual whose personal data is processed. That is us, the data owner.
  • Data controller
    The party that decides why and how personal data is processed: it defines the purposes, methods and solutions, and is responsible for having a lawful basis for the processing. Consent from the data subject is the basis this article focuses on, but it is only one of several lawful bases recognised by GDPR.
  • Data processor
    The party that processes personal data on behalf of the controller: collecting, recording, analysing, storing, etc., strictly under the instructions and rules set by the data controller.

3 Areas of Effect of GDPR (Territorial Scope)

GDPR applies when any of these three conditions is met ("EU" here also covers the wider EEA):

  1. The data controller or data processor has an establishment in the EU, regardless of where the processing itself takes place.
  2. The controller or processor is established outside the EU but offers goods or services to people in the EU (paid or free), or monitors their behaviour there. Note that the test is where the data subjects are, not whether they are EU citizens.
  3. The controller is established outside the EU in a place where an EU member state's law applies by virtue of public international law (for example, a member state's diplomatic mission abroad).

Conditions for valid consent

As mentioned above, consent is how data subjects express their will about the processing of their data. For consent to be valid under GDPR it must meet all of the following:

  1. Freely given
    Data subjects have a genuine choice to give or refuse consent, and suffer no detriment if they refuse. They must also be able to withdraw consent at any time, as easily as they gave it.
  2. Specific
    Consent must be given for specific, clearly stated purposes. One blanket consent covering unrelated purposes does not count.
  3. Informed
    Before consenting, data subjects must be told at least who the controller is, what data is collected and for what purposes.
  4. Unambiguous
    Consent must be given by a clear affirmative act, such as ticking an unticked box, signing a form or giving a recorded verbal statement. Silence, pre-ticked boxes or inactivity do not count. The controller must also be able to demonstrate later that consent was given, so the act has to be recorded in a way that can be proven.

Privacy by design

GDPR (Article 25) requires data protection by design and by default, but it does not prescribe how to achieve it. The reference commonly used in practice is the 7 foundational principles of Privacy by Design, originally formulated by Ann Cavoukian:

  1. Proactive not reactive
    Anticipate and prevent privacy problems before they happen, rather than reacting to incidents after the fact.
  2. Privacy as the default
    The most privacy-protective settings must be enabled automatically and by default. No action should be required from the user to protect their privacy, and where the conditions of data usage are unclear, the highest protection level must apply.
  3. Privacy embedded into design
    Privacy must be part of the system's design and architecture, not an add-on bolted on afterwards.
  4. Full functionality
    Privacy must not come at the expense of functionality or security; the design should deliver both rather than trading one off against the other.
  5. End-to-End security
    Data must be protected throughout its whole lifecycle, from collection through processing and storage to secure deletion.
  6. Visibility & Transparency
    The process must be transparent to all parties involved, i.e. users, providers and other stakeholders, and open to independent verification.
  7. User-centric
    Keep the interests of the individual uppermost, with strong privacy defaults, appropriate notice and user-friendly options.

Yeah, we have finished the GDPR lesson. Next, we move on to the Thai version, which we call the PDPA. Stay tuned! 😸