Security & Compliance (GDPR)
Controls that a company implements to protect its assets and to meet the standards that a third party has set forth as best practices.
GDPR
The purpose of the GDPR is to protect individuals and the data that describes them, and to ensure that the organisations that collect that data do so in a responsible manner. The GDPR also mandates that personal data is maintained safely.
The 7 data protection principles are:
Lawfulness, fairness, and transparency
Purpose limitation
Data minimisation
Accuracy
Storage limitations
Integrity and confidentiality
Accountability
Personal data can include these types of information:
Name
Identification number
Location data
Any information that is specific to “the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”
Biometric data that is acquired through some form of technical process, such as facial imaging or fingerprinting
Information related to a person’s health or healthcare
Racial or ethnic information of an individual
Political opinions or religious beliefs
Union membership