Running Head: GDPR
CIS512 Week 6 Assignment
Strayer University
May 15, 2022
1. Definition of the GDPR
In the European Union (E.U.) and the European Economic Area, the General Data Protection
Regulation (GDPR) is the regulation concerned with protecting data and maintaining the
privacy of that data. The General Data Protection Regulation is considered the most significant
component of European Union human rights law and privacy law. Moreover, it is one of the
important parts of Article 8 of the Charter of Fundamental Rights of the E.U. The GDPR is the
toughest security and privacy law across the globe. The European Union drafted and passed
the GDPR, but it imposes obligations on organizations anywhere that target or gather data
associated with people in the European Union. The GDPR aims to simplify the business
regulatory environment so that both businesses and citizens can benefit fully from the
digital economy in the European Union. This legislation applies to two types of data
handlers: controllers and processors. A processor is a person, agency, public
authority, or other body that processes personal data in the name of the controller. A
controller, on the other hand, is a person, agency, public authority, or other body that,
individually or jointly with others, identifies the means and purposes of personal data
processing (What is GDPR, the EU's new Data Protection Law? GDPR.eu, 2019).
2. Justification for the need for the GDPR
The General Data Protection Regulation (GDPR) ensures the protection of
individuals with regard to the processing of personal data and the free movement of personal data.
This regulation came into force on 24 May 2016 and became directly applicable and fully
binding on 25 May 2018 in all Member States of the E.U. The GDPR provides
guidance to those engaged in personal data processing so that they comply with its
provisions, and it confers important rights on individuals whose personal data is being processed.
It is essential for legal persons and natural persons, as well as governments and companies, to act
according to the regulation when processing personal data. If these parties do not follow
the rules, or non-compliance becomes evident, it could lead to reputational
damage and court proceedings and cost them a huge amount of money. Companies
and other parties that deal with personal data while residing outside of the European
Union must also obey the regulation when they deal with the personal data of
E.U. residents or citizens. These companies are expected to follow the regulation and organize
their work and activity accordingly (Importance of the GDPR. FutureLearn, 2021).
3. Review of the GDPR’s key principles
The GDPR consists of seven key principles that include:
Purpose limitation
Lawfulness, transparency, and fairness
Accuracy
Data minimization
Accountability
Integrity and confidentiality
Storage limitation (The principles. ICO, 2021).
These principles are essential to follow when dealing with personal data. The seven key
principles of GDPR have been set out under Article 5 to provide protection for personal data. It
ensures that the personal data has been processed fairly, lawfully, and in a transparent manner for
the persons. Also, it says the personal data shall be relevant, adequate, and limited for the purpose
of processing. Personal data must be collected for explicit, specified, and legitimate
purposes in the public interest, statistical purposes, and historical or scientific research purposes.
Moreover, the personal data shall be accurate or up-to-date, which can bring more growth for the
individuals or the businesses. Additionally, the personal data should be processed in a manner
that ensures appropriate security of the personal data, including protection against unauthorized
or unlawful processing and against accidental loss, destruction, or damage, using appropriate
technical or organizational measures. Further, the personal data shall be kept in a
form that permits the identification of the data subject. Here, the GDPR ensures the freedom of
the individual and safeguards their rights.
4. An organization that violated the GDPR
Many companies, such as Google Ireland, WhatsApp, Facebook, Google LLC, and
others, have violated the General Data Protection Regulation and paid a
fine to the European Union. As the question asks for only one organization that
violated the GDPR, the example of Amazon is shared here. In July 2021, a mammoth
€746 million fine was collected from Amazon under the European Union (E.U.) GDPR by Luxembourg's
National Commission for Data Protection. The reason behind this fine was not stated
clearly in Amazon’s July 2021 earnings report. The report highlighted that this
fine can be considered Amazon’s gigantic GDPR fine, as it is nearly 15 times bigger than
previous records. However, this case is not new for the company, as it has
already faced many such incidents. Previously, Amazon was punished
for gathering and sharing the personal data of users via cookies. For instance, Amazon
paid a €35 million fine in late 2020 because the company's technical team failed to get the
cookie consent on Amazon’s website (30 biggest GDPR fines to-date: Latest GDPR fines:
Updated 2022. Tessian, 2022).
5. Explanation of the specifics about the violation of GDPR
If companies do not follow the rules and regulations, or non-compliance becomes
evident, it could lead to reputational damage and court proceedings and cost them
a huge amount of money. In the present case of Amazon, the violation of the GDPR led to
reputational damage: many users learned about it and became concerned about their
personal data, which affected Amazon's business for a specific period of time. Moreover,
the violation of the GDPR cost Amazon a huge amount. Research says that
companies and other parties that deal with personal data while residing outside of the
European Union must also obey the regulation when they deal with the
personal data of E.U. residents or citizens. These companies are expected to follow the regulation
and organize their work and activity accordingly. Thus, E.U. consumers were affected in
the case of Amazon, which created the biggest blunder for the company.
Here, the GDPR principles of lawfulness, transparency, fairness, accountability, and storage
limitation were violated. This affected the reputation of the company in front of
consumers, and in response, the company adopted some promotional ideas to regain its
reputation in the market.
6. Comparison of an existing U.S. initiative that protects the privacy of the citizen with the GDPR
In the U.S., citizens' privacy is protected via the Health Insurance Portability and
Accountability Act (HIPAA), the Gramm-Leach-Bliley Act (GLB Act or GLBA), the
Federal Information Security Management Act (FISMA), and NIST 800-171. It has been
identified that there are no such federal laws that protect data privacy like GDPR.
References
30 biggest GDPR fines to-date: Latest GDPR fines: Updated 2022. Tessian. (2022, May 5). Retrieved May 12, 2022, from https://www.tessian.com/blog/biggest-gdpr-fines-2020/
Importance of the GDPR. FutureLearn. (2021). Retrieved May 12, 2022, from https://www.futurelearn.com/info/courses/general-data-protection-regulation/0/steps/32404
The principles. ICO. (2021). Retrieved May 12, 2022, from https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/principles/
What is GDPR, the EU's new Data Protection Law? GDPR.eu. (2019, February 13). Retrieved May 12, 2022, from https://gdpr.eu/what-is-gdpr/