Built on established and widely accepted privacy principles such as purpose limitation, lawfulness, transparency, integrity and confidentiality, the GDPR strengthens existing privacy and security requirements, including requirements for notice & consent, technical and operational security measures, and cross-border data flow mechanisms.
To adapt to the new reality of a digital, global and data-driven economy, the GDPR also formalizes new privacy principles such as accountability and data minimization, which are reflected throughout the text, including in the following requirements:
- Data security. Companies must implement an appropriate level of security, encompassing both technical and organizational security controls, to prevent data loss, information leaks, or other unauthorized data processing operations. The GDPR encourages companies to incorporate encryption, incident management, and network & system integrity, availability and resilience requirements into their security program.
- Data breach notification. Companies have to inform their regulators and/or the impacted individuals without undue delay after becoming aware that their data has been subject to a data breach.
- Security audits. Companies will be expected to document and maintain records of their security practices, to audit the effectiveness of their security program, and to take corrective measures where appropriate.
If you would like to learn more about some of the requirements particularly relevant for marketers, please review our GDPR for Marketers whitepaper with more information about the native Data Privacy & Security features provided across the Oracle Marketing Cloud.