GDPR
Definition
The General Data Protection Regulation (GDPR) is a comprehensive data protection law enacted by the European Union (EU) to safeguard the personal data and privacy of individuals within the EU and the European Economic Area (EEA). It mandates strict guidelines on data collection, processing, storage, and sharing, emphasizing transparency, consent, and the rights of data subjects. Organizations worldwide that handle EU residents’ data must comply with GDPR to avoid substantial fines and penalties.
Secure Settings Example
# Example of a GDPR-compliant data processing policy
dataProcessingPolicy:
  dataCollection:
    consentRequired: true
    purposeSpecification: "User account creation and service personalization"
  dataStorage:
    encryption: "AES-256"
    accessControl:
      - role: "Data Protection Officer"
        permissions: "read, write, delete"
  dataRetention:
    period: "2 years"
    reviewFrequency: "annually"
  dataSubjectRights:
    accessRequest: "enabled"
    dataPortability: "enabled"
    erasureRequest: "enabled"
Insecure Settings Example
# Example of a non-compliant data processing policy
dataProcessingPolicy:
  dataCollection:
    consentRequired: false                 # No consent obtained
    purposeSpecification: "General use"    # Not specific
  dataStorage:
    encryption: "none"                     # Data stored in plaintext
    accessControl:
      - role: "AllEmployees"
        permissions: "read, write"         # Excessive permissions
  dataRetention:
    period: "indefinite"                   # No defined retention period
  dataSubjectRights:
    accessRequest: "disabled"
    dataPortability: "disabled"
    erasureRequest: "disabled"
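A policy linter that checks the settings the two examples above contrast (consent, purpose specificity, encryption, broad access roles, bounded retention, data subject rights), added here as an illustration rather than taken from any GDPR tooling; the check names, the lists of vague purposes and broad roles, and the inline policy dictionaries that mirror the page's YAML are assumptions.

```python
# Added example: lints a data-processing policy with the structure shown on this
# page. The check names, word lists and policy dicts below are assumptions.
from typing import Dict, List

VAGUE_PURPOSES = {"general use", "", "various", "any"}  # assumed vague wording
BROAD_ROLES = {"allemployees", "everyone", "all"}       # assumed over-broad roles

def lint_policy(policy: Dict) -> List[str]:
    """Return a list of findings; an empty list means no issues were found."""
    p = policy.get("dataProcessingPolicy", policy)
    findings: List[str] = []
    col = p.get("dataCollection", {})
    if col.get("consentRequired") is not True:
        findings.append("dataCollection.consentRequired: consent not required")
    if str(col.get("purposeSpecification", "")).strip().lower() in VAGUE_PURPOSES:
        findings.append("dataCollection.purposeSpecification: purpose not specific")
    sto = p.get("dataStorage", {})
    if str(sto.get("encryption", "none")).lower() in {"none", ""}:
        findings.append("dataStorage.encryption: personal data stored in plaintext")
    for entry in sto.get("accessControl", []):
        if str(entry.get("role", "")).lower() in BROAD_ROLES:
            findings.append(f"dataStorage.accessControl: role {entry['role']!r} is overly broad")
    ret = p.get("dataRetention", {})
    if str(ret.get("period", "indefinite")).lower() in {"indefinite", "forever", ""}:
        findings.append("dataRetention.period: no defined retention period")
    if "reviewFrequency" not in ret:
        findings.append("dataRetention.reviewFrequency: no retention review schedule")
    rights = p.get("dataSubjectRights", {})
    for right in ("accessRequest", "dataPortability", "erasureRequest"):
        if rights.get(right, "disabled") != "enabled":
            findings.append(f"dataSubjectRights.{right}: not enabled")
    return findings

# Constructed inputs mirroring the page's compliant and non-compliant policies.
COMPLIANT = {"dataProcessingPolicy": {
    "dataCollection": {"consentRequired": True,
                       "purposeSpecification": "User account creation and service personalization"},
    "dataStorage": {"encryption": "AES-256",
                    "accessControl": [{"role": "Data Protection Officer", "permissions": "read, write, delete"}]},
    "dataRetention": {"period": "2 years", "reviewFrequency": "annually"},
    "dataSubjectRights": {"accessRequest": "enabled", "dataPortability": "enabled", "erasureRequest": "enabled"}}}

NON_COMPLIANT = {"dataProcessingPolicy": {
    "dataCollection": {"consentRequired": False, "purposeSpecification": "General use"},
    "dataStorage": {"encryption": "none",
                    "accessControl": [{"role": "AllEmployees", "permissions": "read, write"}]},
    "dataRetention": {"period": "indefinite"},
    "dataSubjectRights": {"accessRequest": "disabled", "dataPortability": "disabled", "erasureRequest": "disabled"}}}
```

Running `lint_policy(NON_COMPLIANT)` yields one finding per weak setting flagged in the comments of the insecure example, plus the missing review schedule, while the compliant policy yields none.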