decentralized-id.github.io/_posts/government/europe/2019-03-01-gdpr.md
⧉ infominer 8023d4c51a category
2023-06-17 00:31:40 +05:30

12 KiB
Raw Blame History

date title toc categories tags redirect_from header permalink canonical_url toc last_modified_at
2019-03-01 General Data Protection Regulation (GDPR) of the European Union false
Regional
GDPR
Europe
eIDAS
CCPA
eSSIF
eSSIF-Lab
public-sector/europe/GDPR/
gdpr/
image teaser
/images/general-data-protection-regulation-gdpr-header.webp /images/gdpr-teaser.webp
government/europe/regulation/gdpr/ https://decentralized-id.com/government/europe/regulation/gdpr/ true 2023-06-09

Main

The General Data Protection Regulation (GDPR) is a privacy regulation enacted May 2018, effecting anyone processing the data of EU residents.

  • Why is Self-Sovereign Identity compliant with the [GDPR]? 2022-02-16 Archpelis

    With the transition to the web 3.0 ecosystem, the development of distributed registries (blockchain technology) and the regulatory environment that is forcing digital players to favour privacy by design, the ISS approach will become the new standard, whether for entering into customer relations, managing digital identities or ensuring compliance of administrative processes in companies and institutions.

  • Can a Verifiable Credential-based SSI Implementation meet GDPR Compliance? 2021-05-14 Affinidi

    A common theme among all these provisions is to empower the data subject and put him or her in complete control over personal data including the way it is shared and used.

    Now, its time to see if Self-sovereign identity (SSI) addresses each of these provisions.

  • Giving people the privacy protection they need in the coming decade 2020-01-08

    Sovrin Foundation makes the case that self-sovereign identity is the most flexible system for handling data privacy as regulations are adopted in different jurisdictions and evolve to meet changing local needs over the next decade. The paper examines how GDPR applies to participants in a blockchain network and addresses recent guidance from EU regulators and the Commission Nationale de lInformatique et des Libertés.

  • Blockchain and Identity 2019-05-15
    • IDENTITY AND THE GDPR

      An identity framework will need to work within such GDPR principles as data minimisation, purpose limitation and storage limitation. It will also have to deal with many of the rights that data subjects have under the GDPR, among them the well-known right to erasure (right to be forgotten), right of access and rights related to the automated processing of data. The GDPR also lays down clear responsibilities for data controllers and processors that will certainly need to be taken into account as well.

    • EIDAS: A PAN-EUROPEAN NATIONAL IDENTITY STANDARD

      Perhaps the most important regulation dealing with identity in the EU is eIDAS, an EU regulation and a set of standards for electronic identification and trust services for electronic transactions in the European Single Market. This regulation will have a deep impact on the decentralised identity framework, above all as it pertains to government-issued/recognised identity credentials, and so is worth a closer look.

  • Blockchain and the GDPR 2018-10-16 EU Blockchain Forum

    as this paper will explain, GDPR compliance is not about the technology, it is about how the technology is used. Just like there is no Gdpr-compliant Internet, or GDPR-compliant artificial intelligence algorithm, there is no such thing as a GDPR-compliant blockchain technology. There are only GDPR-compliant use cases and applications.

  • GDPR - A reflection on the 'self-sovereign identity' and the Blockchain 2018-02-11 Nicolas Ameye

    The GDPR is taking for granted a centralized identity model, meaning a centralized model of digital data storage and transmission. Those centralized models of digital data storage are relying on the principles that the data custodians are trustworthy and are mandated to steward personal data. The GDPR, while being technology-neutral by nature, is articulated around the idea that personal data are being stewarded by centralized authorities.

  • When GDPR Becomes Real, and Blockchain is no longer fairydust by Marta Piekarska (Linux Foundation), Michael Lodder (Evernym), Zachary Larson (Economic Space Agency), Kaliya Young (Identity Woman)

    Following the implementation date of May 25, 2018, managing data will be both toxic and expensive. Many precious resources will be required for improving and maintaining the security, privacy, and governance of personal data. Methods for storing less personal data will ease the burden of GDPR compliance. This document describes the GDPR requirements and the different approaches to digital identity solutions and finally explains why distributed ledger technology may offer an opportunity for enterprises to simplify data management solutions that are GDPR compliant.

EU General Data Protection Regulation Act

Privacy by Design

Privacy by Design means that privacy should be considered from the very beginning, when designing a product. Article 25 of the GDPR requires “data protection by design; data controllers must put technical and organisational measures such as pseudonymisation in placeto minimise personal data processing.”

  • Privacy by Design The 7 Foundational Principles 2011-02-11
    1. Proactive not Reactive; Preventative not Remedial
    2. Privacy as the Default Setting
    3. Privacy Embedded into Design
    4. Full Functionality — Positive-Sum, not Zero-Sum
    5. End-to-End Security — Full Lifecycle Protection
    6. Visibility and Transparency — Keep it Open
    7. Respect for User Privacy — Keep it User-Centric
  • Self-Sovereign Privacy By Design 2019-10-04

    This repo captures early models of what has now evolved into DID Communication -- conventions for secure, private interaction between parties based on DIDs. All content here is archival; for the freshest thinking, please check out the Hyperledger Aries RFCs

  • GDPR and Privacy by Design, What developers need to know 2018-01-24

    In short, Article 25 of the GDPR requires; “data protection by design; data controllers must put technical and organisational measures such as pseudonymisation in place — to minimise personal data processing”. Building compliant systems means that new functionality needs to be added, to deliver data pseudonymisation, encryption and other privacy enhancing measures.

Privacy Impact Assesment

Article 35 describes “a process which assists organizations in identifying and minimizing the privacy risks of new projects or policies” called a Privacy Impact Assessment (PIA),

  • ISO/IEC 29134:2017 - Guidelines for privacy impact assessment
  • Open Source PIA Software 2021-06-30 cnil.fr

    The PIA software aims to help data controllers build and demonstrate compliance to the GDPR. The tools is available in French and in English. It facilitates carrying out a data protection impact assessment, which will become mandatory for some processing operations as of 25 May 2018. This tool also intends to ease the use of the PIA guides published by the CNIL.

  • Guidelines on Data Protection Impact Assessment (DPIA) (wp248rev.01) 2017-10-13

    A DPIA is a process designed to describe the processing, assess its necessity and proportionality and help manage the risks to the rights and freedoms of natural persons resulting from the processing of personal data by assessing them and determining the measures to address them. DPIAs are important tools for accountability, as they help controllers not only to comply with requirements of the GDPR, but also to demonstrate that appropriate measures have been taken to ensure compliance with the Regulation (see also article 24). In other words, a DPIA is a process for building and demonstrating compliance.

Resources