PERSONAL DATA HAS ENTERED THE GDPR ERA

This infographic originates from a working group of CLUSIF (www.clusif.fr). It sums up the General Data Protection Regulation.
It cannot be comprehensive but it does offer a summarized overview of keys to understand the scope of the regulation for future reference.

Art. A
60-67
Interact with (133-136)
other authorities Data theft
Art. A
82-84 Personal (85)
Art.A58 data breach
(146-150) WP250
Art. 51-59 Supervisory (122)
authority WP253 Art.A33 Data leak
(117-138) Initiate Penalties including
administrative fines (85) Art.A33
WP244 controls Notify Detect
Notify controller incidents
Art.A77
(132) 72h
authority
Lodge (141) Raise WP250
a complaint awareness Art.A34
Errors
Without undue delay (86) Malicious actions
Compensation Art.A82 Inform Detect (87) (101)
for the damage (146) Sensitive
data subjects incidents
Art.A7
data
Art. 44-49
A Personal Personal
Art.A4
Data (32) (101-116) Data Data
Subject (14) Consent Minimise data
Art.A5 Transfer data
Citizen Collect
Customer Art.A5-6 Personal
Employee Transparency data
(39-47) Data Data Data
Art.
A8 Lawfulness & Art. A
13-14 Control (66)
Children Fairness Confidentiality (83) Data Processing Processing processing
(39) copies
Integrity
Art. 12 et 23
Inform (60-61) Availability
WP250
Art.A32 Art.A25
Exercise data subjects
(59-73)
Ensure (26) Limit and trace Purpose limitation
rights Pseudonymisation
access Art.A32
security Encryption (28) No alteration
Art.A15
Process data
Provide personal Resilience
(63) Process Data
Access data and
Copy
processing details data Erase data
Art.A16 Art.A5
Rectification (65) Update data Art.A5 Archive (65) Art.A25
Storage limitation data (78) (66)
Art.A17 (65-66) Protection by design
"Right to be Erase Art.A89 Protection by default
Forward
(65-66) Derogations requests
forgotten" data
Develop
Art.A18
Suspend Manage storage processing
Restriction (67) Art.A05
processing period Art. A
26
Art.A24
(39) (40) Shared responsability
Art.A20 Transmission to data subject or (79)
Export to another controller Lawful processing
(68) Art.A36
Data portability
WP242 data (94) Art.A35 Transfer inside European Union
Consult Analyse
(76-78) Art. 45-47
A
Art.A 21 authority risks Data controller International agreement – adequacy decision
Objection (70) Stop processing Binding Corporate Rules (BCR)
Art.A35 Contractual clauses
Data Privacy Standard clauses (European Commission or supervisory authority)
Art.A22 Impact Assessment (90-91) Derogations (including consent)
Opposition to (74)
Human WP251 WP248
automated (71) Profiling Art. 37-39 Ensure
processing Intervention
(97)
compliance Art.A28 Art. A
44

Contact
Art.A12 DPO WP243 Existing processings (81-83) (102-116)
and new processings

Version 1.2 - 15 December 2017

(59)
controller Art. 30
Within one month Art. 9 et 23 Maintain a
(82)
or the subject may lodge a complaint
Contract (44) Vital interest (46) record
Art. 12 Data
ta
ap processors
roc
rro
oce
ce & Data
Da
D ta
a processors
pr &
Act on requests Legal obligation (45) Public interest (46) (54) blilic
bl
Publicic Body
Bod their sub
subcontractors
bco their
heir subcontractors
sub
(47) Europe
in Eu in tthird countries
n thir
Legitimate interest

CLUSIF is an association of professionals in information security. It is open to all businesses and public administrations and brings together Providers LegendLegend
and Users from all industry branches. Its main goal is to facilitate the exchange of know-how and competences towards an efficient information security
system through a CISO space, working groups, publications and thematic conferences. Some of the topics addressed in working groups include : Art. 51 European regulation article
cyber insurance, industrial systems, cyber threats and security practices, cybercrime overview, mobile apps, IoT, day-to-day digital security, electronic (141) European regulation recital
signature, GDPR, security dashboards, etc. WP244 G29 guideline

THE LOGICAL & PHYSICAL SECURITY MAGAZINE

For more information, please contact : Luména DULUC, general delegate : +33 (0) 1 53 25 08 80 (clusif@clusif.fr)