General Data Protection Regulation Following the Data Protection Directive of 1995 ePrivacy Directive of 2002 (cookie law) Articles https://www.smashingmagazine.com/2018/02/gdpr-for-web-developers/ https://www.theverge.com/2018/3/28/17172548/gdpr-compliance-requirements-privacy-notice General Data Protection Regulation EU Site: https://www.gdpreu.org/ Privacy by Design https://www.smashingmagazine.com/2017/07/privacy-by-design-framework/ Questions • What? • Why? • Who is affected ? ○ Am I a controller? ○ Am I a processor? • What data is included in protection? • What protection is required? • What to protect against? What consent is required? • What are the penalties? Privacy Impact Assessments A Privacy Impact Assessment (PIA), which is required under GDPR for data-intensive projects, is a living document which must be made accessible to all involved with a project. It is the process by which you discuss, audit, inventory, and mitigate the privacy risks inherent in the data you collect and process. Like all GDPR documentation, a PIA can be requisitioned by a data protection regulator in the event of a privacy concern or data breach. Not having a PIA is not an option.