Topic 3: Data Security

The General Data Protection Regulation (GDPR) aims to protect personal information stored online. In this context, the regulation mandates that most organizations that handle the personal information of individuals appoint an employee to oversee their GDPR compliance. This typically falls under the purview of the Data Protection Officer, or DPO. DPOs ensure compliance with GDPR and monitor all issues related to personal data protection. The DPO's task is first and foremost to inform the controller, employees, and external data controllers on how to collect, process and store personal data in a GDPR-compliant manner.

A Data Protection Officer at the University should be able to review data processing internally, to provide support and assistance to the organization, as well as to address questions and complaints from data subjects. 

Incidents that could lead to accidental or unlawful destruction, loss, change or unauthorized access to personal data are referred to as data breaches. The data protection authority must be informed within 72 hours of becoming aware of the violation if this is likely to pose a risk to the rights and freedoms of the data subjects.

GDPR Article 17 gives citizens the right to erasure, or "right to be forgotten". There are specific circumstances under which the right to be forgotten applies, especially when the personal data is no longer necessary for the purpose for which an organization originally collected or processed it. whether you have erased the data. A request has to be made, and the controller (i.e., the organization) is obliged to react to the request within 30 days based on the GDPR principle of transparency. According to the GDPR, the controller must facilitate the exercise of this right and offer the means to do so free of charge.