A few weeks ago, Chuck Piotrwoski of PIOT presented a great webinar on the General Data Protection Regulation (GDPR). Although we weren’t able to record the session, he kindly provided his slides for sharing.
Chuck broke down GDPR into several basic principles:
- data about a person belongs to the person
- an organization can only work with personal data if permitted by law or with the consent of the individual
GDPR builds on the European Union’s 2007 Charter of Fundamental Rights, in which Title II (Freedoms) addresses privacy concerns:
Chuck explained that GDPR protections apply to organizations that handle the personal data of EU individuals, regardless of where the organization is located. For instance, if a researcher from Oxford pays for a scan from a U.S. archive, the personal data collected for this transaction is protected by GDPR. Here’s the list Chuck provided of examples of personal data that are protected:
Chuck suggested all organizations begin with four basic tenets:
If you’re interested in gauging your situation, Chuck pointed to a data protection self-assessment provided by the UK’s Information Commissioner’s Office.
Here are the most important points I took away from this webinar:
- Integrating data privacy training into overall organizational training is more effective than specialized training because it’s more likely to get embedded into how people work.
- Consent by individuals to collect personal data must be explicitly given — an opt-in model rather than the opt-out model frequently embraced in the U.S.
- It must be easy for individuals to withdraw their consent for an organization to hold personal data.
- An organization must explain why it is collecting personal data.
- There are currently no flawless automated tools for removing personal data.
- Data erasure can be refused if the public good outweighs the need for privacy.
If you work for an organization that would be affected by these regulations, you may want to look at the To Do section of the slides Chuck provided. He also listed some other resources at the end of his presentation. Thanks for the great learning opportunity, Chuck!