What is GDPR?
The General Data Protection Regulation, introduced throughout the EU in 2018.
What principles about data does GDPR set out?
Used fairly, lawfully and transparently
Purpose limitation
Data minimisation
Accuracy
Storage limitation
Integrity and confidentiality
Accountability
What is accountability?
Ability to prove that the regulations are being complied with
What is integrity and confidentiality?
Handled in a way that ensures appropriate security
What is storage limitation?
Kept for no longer than necessary
What is data minimisation?
Used in a way that is adequate, relevant and limited to only what is necessary
What is purpose limitation?
Used for specific, explicit purposes
What happens if an organisation fails to comply with the GDPR?
It can be fined
EU maximum - the higher of 20 million or 4% of annual global turnover
UK maximum - the higher of 17.5 million or 4% of annual global turnover
What are the requirements of GDPR?
Report a breach to the relevant supervisory authority within 72 hours
If the breach is likely to result in a high risk of adversely affecting individuals' rights and freedoms, the organisation must inform those individuals as soon as possible
Records must be kept of any personal data breaches
Organisations should ensure that they have robust breach detection, investigation and internal reporting procedures in place
What is a data subject?
Refers to the identified or identifiable living individual to whom personal data relates
Data subjects have the right to what?
To find out what information the government and other organisations store about them
What rights do data subjects have over the information that the government and other organisations store about them?
Being informed about how their data is being used
Access their personal data
Have incorrect data updated
Have data erased
Stop or restrict the processing of their data
Data portability
Object to how their data is processed in certain circumstances
What is data security?
Data security is concerned with keeping data safe from the various hazards that could destroy or compromise it
What kinds of risk could destroy or compromise data?
Physical risks or human risks
What are the main risks to computer systems and the data they contain?
Physical damage
Human damage
Operational problems
Data corruption
Data theft
What is cyber security?
The protection of Internet-connected systems, including hardware, software and data, from cyber attack
What is a cyber attack?
A malicious and deliberate attempt by an individual or organisation to breach the information system of another individual or organisation
What are the main cyber attack risks?
Malware
Phishing
Denial of service
Man in the middle
What is malware?
Software designed to cause damage to a single computer, server or computer network.
These attacks may render a computer or network inoperable, or grant the attacker access so that they can control the system remotely
What are types of malware?
Worms, viruses and Trojans
What is phishing?
A technique by which cyber criminals craft emails to fool a target into taking some harmful action. For example, the recipient might be tricked into downloading malware that is disguised as an important document.
What is denial of service?
A brute force method of trying to stop an online service from working properly. For example, attackers might send so much traffic to a website, or so many requests to a database, that it overwhelms the system's ability to function, making it unavailable to anyone
What is man in the middle?
A method by which an attacker has managed to interpose themselves secretly between the user and a web service that the user is trying to access, for example over a Wi-Fi network