GDPR Compliance Journey - 10 Portability

Gydeline
23 Apr 201803:51

Summary

TLDRThis video discusses data portability, a concept applicable to online service providers. It emphasizes the need for data to be exportable in a machine-readable, common format, directly transferable to another company if requested. The video outlines the importance of informing data subjects of their portability rights and meeting criteria such as structured format and providing all information generated by the individual's activity. Best practices include allowing direct downloads, offering API access, and informing individuals of data retrieval timelines. The speaker shares that their company, 'guideline,' responds to data requests in CSV format, setting a standard for compliance.

Takeaways

  • 📚 Data portability applies only to online services and is not applicable to paper-based records.
  • 🔍 The script emphasizes the need for a data portability process if personal information is held digitally.
  • 🗂️ The data must be exported in a common, machine-readable format that can be transferred directly to another company or system.
  • 📢 Data subjects must be informed about their right to data portability.
  • 📝 The data export should include all information provided by the individual or generated by their activity on the systems.
  • 🤖 It's implied that the data should be in a structured format, which is part of the export process.
  • 📅 Best practices include providing the ability for individuals to download their data directly without a formal request, if it's an online service.
  • 🔌 Offering a software API for direct data retrieval can be considered a best practice for data portability.
  • 🕒 Informing individuals about the expected time frame for data retrieval when requested is recommended.
  • 📋 The guideline follows a process to respond to information requests and provides data in CSV format.
  • 🔑 The script suggests that different developers and companies may have varying approaches to data portability.

Q & A

  • What is the main topic discussed in the video script?

    -The main topic discussed in the video script is data portability, particularly in the context of online services.

  • Why is data portability difficult to implement with paper records?

    -Data portability is difficult with paper records because it requires exporting information in a computer-readable format, which is not feasible with physical documents.

  • What does the script suggest about the company's approach to data processing?

    -The script suggests that the company prefers a modern approach and does not process records solely on paper, implying they likely use digital systems for data management.

  • What are the considerations for data portability mentioned in the script?

    -The considerations for data portability include the ability to export data in a common, machine-readable format that can be transferred directly to another company or system.

  • How should companies inform data subjects about their right to data portability?

    -Companies should inform data subjects about their right to data portability as part of their data processing policies and guidelines.

  • What criteria should a data portability process meet according to the script?

    -A data portability process should meet criteria such as being in a common format, machine-readable, and structured in a way that allows direct transfer to another company or system.

  • What information should be included in the data export provided to individuals?

    -The data export should include all the information the individual provided to the company or any information generated by their activity on the company's systems, but not necessarily other inferred information about them.

  • What are some best practices for data portability suggested by the Article 29 Working Party?

    -Some best practices include providing individuals with the ability to directly download information, offering a software API for data retrieval, and informing individuals of the expected time frame for data delivery upon request.

  • In what format does the company mentioned in the script provide data portability?

    -The company mentioned in the script provides data portability in CSV format.

  • What is the next topic the script suggests will be discussed in future videos?

    -The next topic to be discussed in future videos is the exploration of other rights related to data portability.

  • What is the overall message the script conveys about compliance with data portability?

    -The overall message is that compliance with data portability involves understanding and implementing a process that respects the rights of data subjects, including informing them of their rights and providing their data in a structured, machine-readable format upon request.

Outlines

00:00

📂 Data Portability in Online Services

This paragraph discusses the concept of data portability, emphasizing its applicability to online services where information is stored in a digital format. It highlights the difficulty of providing data exports in a computer-readable format when information is only on paper. The speaker mentions that the company, referred to as 'guideline,' does not process records on paper only. The paragraph also outlines the need to inform data subjects about their right to data portability and to ensure that the data export process meets certain criteria: it must be in a common, machine-readable format that can be transferred directly to another company if requested by the customer. The speaker also touches on best practices for data portability, such as providing direct download options, offering a software API for data retrieval, and informing individuals of the expected time frame for data delivery upon request. The company's approach to data portability is mentioned, which involves responding to information requests and providing data in CSV format.

Mindmap

Keywords

💡Data Portability

Data portability refers to the ability of individuals to obtain their personal data from a service provider and to transmit it to another service provider. In the video, it is a central concept, emphasizing the right of data subjects to have their data in a format that can be easily transferred. The script mentions that data portability is applicable particularly to online services, and it is a key consideration for compliance with data protection regulations.

💡Online Services

Online services are internet-based platforms or applications that provide various types of services to users. The script highlights that data portability is especially relevant to these services because they typically handle personal data in a digital format that can be more easily exported. The video discusses the challenges of porting data from paper records, which contrasts with the more modern approach of online platforms.

💡Export

In the context of the video, export refers to the action of transferring personal data out of a service provider's system in a structured and machine-readable format. The script explains that the ability to export data is a crucial aspect of data portability, allowing individuals to move their data from one service to another seamlessly.

💡Machine Readable

Machine readable data is information that can be processed by a computer without the need for human interpretation. The video emphasizes the importance of this format for data portability, as it ensures that the exported data can be directly utilized by another system or service provider. The script mentions that the data should be in a structured format, implying machine readability.

💡Structured Format

A structured format in data management refers to data that is organized in a specific way that allows for easy processing and analysis. The script discusses the necessity of data being in a structured format when exported, which is essential for data portability, as it facilitates the direct transfer and use of the data by another system.

💡Data Subjects

Data subjects are individuals whose personal data is being collected, processed, or stored by a service provider. The video script mentions the importance of informing data subjects about their right to data portability, which is a part of their broader rights under data protection laws.

💡Compliance

Compliance in the context of the video refers to the adherence to legal and regulatory requirements, particularly those related to data protection and privacy. The script discusses various aspects of data portability that need to be considered to ensure compliance with data protection guidelines and regulations.

💡CSV Format

CSV stands for Comma-Separated Values, a widely used format for storing and transferring data. The script mentions that the company provides data in CSV format when responding to data portability requests, which is an example of a structured and machine-readable format suitable for data transfer.

💡Data Protection Regulations

Data protection regulations are legal frameworks that govern the collection, use, and storage of personal data. The video's theme revolves around ensuring that data portability processes are in line with these regulations, which protect the rights of data subjects and enforce standards on service providers.

💡Article 29 Working Party

The Article 29 Working Party was an independent European advisory body on data protection and privacy. The script refers to guidance issued by this party on data portability, indicating the importance of following expert recommendations to ensure compliance with data protection principles.

💡API

API stands for Application Programming Interface, a set of protocols and tools for building software applications. The video script suggests that providing a software API can be a best practice for enabling individuals to directly access their data, demonstrating a commitment to data portability and user empowerment.

Highlights

Data portability applies only to online services, not to paper records.

Assessment includes a question about holding personal information solely on paper records.

Guideline's modern approach avoids paper-only data processing.

Data portability requires export in a computer-readable format.

Guidelines software provides insights into the necessary format for data portability.

Data subjects must be informed about their right to data portability.

A data portability process should meet specific criteria, including a common and machine-readable format.

Data should be transferred directly from one company to another if requested.

Exported data must be in a structured format, implying machine readability.

Individuals should receive all information they provided or generated on the system.

Best practice may include providing inferred information about the individual, although not required.

Guidance on data portability from the Article 29 Working Party includes best practices for online services.

Online services should allow direct download of information without a formal request.

A software API can enable direct access to exported data.

Informing individuals about the expected time frame for data delivery is a recommended practice.

Guideline has a process to respond to information requests, providing data in CSV format.

Different developers and companies may adopt various approaches to data portability.

Data portability is the first of many rights to be discussed in future sessions.

Transcripts

play00:00

[Music]

play00:04

hello and welcome once again to the

play00:07

guideline compliance journey this time

play00:10

we're going to talk about a data

play00:12

portability now the key thing to say

play00:16

about data portability is that it

play00:21

applies only if you are providing online

play00:24

services it's very difficult to give an

play00:28

export of information in a computer

play00:32

readable format if all that information

play00:35

is on paper so if we dive in and have a

play00:39

look at our assessment and we take a

play00:44

look at the data processing area this is

play00:47

the reason we have the question in here

play00:49

that says do you hold personal

play00:51

information on paper records only now

play00:53

clearly at guideline we like to think

play00:55

we're quite modern in our approach so we

play00:58

don't process records on paper only so

play01:03

when looking at portability there are a

play01:06

number of considerations the ability to

play01:11

export the data is one but it also has

play01:13

to be in the right format so we're going

play01:17

to go and take a look at the guidelines

play01:19

software because a lot of the questions

play01:20

give you some insight into what that

play01:24

format needs to be so first of all we

play01:30

have to make sure that we tell the data

play01:32

subjects about their right to

play01:33

portability and we do that at guideline

play01:36

and

play01:46

so if we assume for a moment that we

play01:51

have a data portability process in place

play01:54

then we need to make sure that it meets

play01:58

certain criteria it's in a common format

play02:00

it's machine readable and it can be

play02:03

transferred directly from guideline to

play02:06

another company if our customer should

play02:09

so wish and if it's machine readable

play02:12

well it kind of implies that it's in a

play02:15

structured format but we need to make

play02:17

sure that that is part of the export

play02:21

when we give the information to the

play02:23

individual we need to make sure that we

play02:26

give them all the information they

play02:27

provided to us or any information that's

play02:30

been generated by their activity on our

play02:33

systems we don't have to give them other

play02:36

information that we've inferred about

play02:39

them however it might be considered best

play02:41

practice to do that some other things

play02:46

that are best practice these are based

play02:48

on guidance on data portability issued

play02:51

by the article 29 working party is if we

play02:55

do an online service do we give

play02:57

individuals the ability to directly

play02:59

download that information from us

play03:01

without making a request do we provide a

play03:04

software API that enables them to

play03:06

directly get that information and

play03:08

finally do we tell individuals how

play03:11

quickly they're going to get their data

play03:13

when they request it so a lot of things

play03:18

to consider a guideline we have a

play03:21

process to respond to those requests for

play03:24

information and we provide that

play03:25

information in a CSV format but other

play03:29

developers and other companies may take

play03:31

different approaches but that's what we

play03:33

do so that's all on data Portability and

play03:38

that is the first of many rights which

play03:42

is what we're going to be talking more

play03:43

about next time so until then we hope

play03:47

you find your compliant simple

Browse More Related Video

GDPR Compliance Journey - 12 Data Minimisation

GDPR Compliance Journey - 11 Rights

GDPR Compliance Journey - 09 Retention

Privacy - CompTIA Security+ SY0-701 - 5.4

Free CCNA | JSON, XML, & YAML | Day 60 | CCNA 200-301 Complete Course

How NOT to Fetch Data in React | Lecture 139 | React.JS 🔥

Rate This

5.0 / 5 (0 votes)

Summary
Outlines
Mindmap
Keywords
Highlights
Transcripts
Related Tags
Data PortabilityOnline ServicesComplianceUser RightsCSV FormatMachine ReadableData ExportGuidelines SoftwareArticle 29API AccessRequest Response