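As the protection of personal information becomes a global issue, the GDPR, which the European Union (EU) brought into force in 2018, is known as the strictest personal information protection regulation. Because the GDPR applies to every company that handles the personal information of EU citizens, it also has a major impact on the railway industry. Railway companies, which handle large amounts of personal information through ticket reservations, membership services and similar offerings, are required to put in place the arrangements needed to comply with the GDPR. Managing personal information appropriately is not only a matter of legal compliance but also an important management strategy that leads to customer trust and higher corporate value. This article explains the importance of the GDPR in the railway industry, and how to respond to it, in terms that are easy for beginners to follow.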
What is the GDPR? Its impact on the railway industry
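In recent years, as digitalization has advanced, the protection of personal information has become a global issue. Among the responses to it, the EU General Data Protection Regulation (GDPR), which the European Union (EU) brought into force in 2018, is known as the strictest of the laws and regulations on personal information protection. Because the GDPR applies not only to companies based in the EU but to every company that handles the personal information of EU citizens, it also has a major impact on the railway industry, which operates globally.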
Overview and purpose of the GDPR
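The GDPR is a regulation intended to strengthen the protection of EU citizens' personal information. Its main provisions are as follows.
- The individual's consent is required to obtain and use personal information
- The purpose for which personal information is used must be made clear, and use for any other purpose is prohibited
- If personal information is leaked or misused, there is an obligation to report to the authorities within 72 hours
- Obligation to appoint a personal information protection officer (DPO)
- Guarantee of the right to request deletion of personal information (the right to be forgotten)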
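Violations of these provisions are subject to fines of up to 4% of total worldwide annual turnover or 20 million euros (approximately 2.6 billion yen). Companies are therefore required to put in place the arrangements needed to comply with the GDPR.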
Changes the GDPR brings to the railway industry
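The railway industry is one of the industries that handles a large amount of personal information. Examples include customer information collected at ticket reservation, customer data registered with membership services, and video of passengers collected by surveillance cameras. Because this information falls within the scope of the GDPR, railway companies need to take great care in how they handle personal information.
Specifically, the following measures are required.
Item | Details |
---|---|
Obtaining consent for the collection and use of personal information | At ticket reservation and membership registration, the purpose of collecting and using personal information must be stated clearly and consent obtained. |
Strengthening security control measures for personal information | To prevent leaks of and unauthorized access to personal information, technical and organizational security control measures such as encryption and access control must be put in place. |
Appointing a personal information protection officer (DPO) | Companies above a certain size must appoint a personal information protection officer (DPO) to oversee the appropriate handling of personal information. |
Responding to requests for deletion of personal information | When a customer requests deletion of their personal information, the request must be handled promptly. |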
To carry out these measures properly, it is important to review the company's internal personal information protection arrangements and to train employees thoroughly.
Why responding to the GDPR matters for the railway industry
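Responding to the GDPR is not merely a matter of legal compliance; it also improves a company's credibility and competitiveness. By actively working on personal information protection, a company can earn customers' trust and enhance its brand image. In addition, because appropriate management of personal information is the foundation for making use of data, it also leads to future business opportunities.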
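On the other hand, responding to the GDPR involves costs such as investment in systems and the development of personnel. Even so, investment in personal information protection can be regarded as an important management strategy that raises corporate value over the long term. The railway industry is expected to work on personal information protection alongside improvements in safety and convenience. Strengthening personal information protection arrangements in light of the GDPR can be called an indispensable element of sustained corporate growth.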
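The above has explained the importance of the GDPR in the railway industry. As digitalization advances, personal information protection has become a challenge for every industry. In the railway industry too, strengthening personal information protection arrangements in light of the GDPR will become ever more important.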
How the railway industry can respond to the GDPR
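The railway industry handles a large amount of personal information, including ticket reservations, membership services and surveillance camera footage. With the EU General Data Protection Regulation (GDPR) in force, this information must now be managed appropriately. For railway companies to comply with the GDPR, the following measures are needed.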
Appropriate collection and management of personal data
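Under the GDPR, the individual's consent is required to collect personal data. At ticket reservation and membership registration, railway companies need to explain the purpose of data collection clearly and obtain consent. Appropriate management is also required: the data collected should be kept to the minimum necessary and deleted promptly once the purpose has been achieved.
In managing data, attention should be paid to the following points.
- Protecting data through encryption and anonymization
- Restricting access to data through access control
- Carrying out regular backups and data recovery tests
- Ensuring thorough data protection across the whole supply chain, including contractors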
Obtaining consent and maintaining a privacy policy
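The GDPR requires that the handling of personal data be explained in a clear and highly transparent way and that consent be freely given. Railway companies need to maintain a privacy policy and explain in plain language the purposes for which data is used, any provision to third parties, the rights of data subjects and so on.
A privacy policy should preferably include the following.
- The name and contact details of the data controller
- The purpose of and legal basis for data collection
- The data retention period
- The rights of data subjects (right of access, right to rectification, right to erasure, etc.)
- The use of cookies and similar technologies
- How to withdraw consent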
Appointing a data protection officer and training employees
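The GDPR obliges companies above a certain size to appoint a data protection officer (DPO). The DPO is the person with overall internal responsibility for personal data protection and has the following roles.
- Drawing up internal rules on personal data protection
- Carrying out employee training on personal data protection
- Carrying out audits of personal data protection
- Acting as the point of contact with the supervisory authority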
It is important for railway companies to build a personal data protection structure centered on the DPO, and to train all employees on the GDPR in order to raise awareness. Contractors that handle personal data must also be required to comply with the GDPR and be audited where necessary.
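Responding to the GDPR is not mere legal compliance; it is an important effort that leads to customer trust and higher corporate value. Alongside the pursuit of safety and convenience, the railway industry is expected to take an active stance on personal information protection. Strengthening personal data protection arrangements in light of the GDPR can be called an indispensable element of sustained corporate growth.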
Providing GDPR-compliant railway services
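With the EU General Data Protection Regulation (GDPR) in force, the railway industry too is now required to handle personal information appropriately. To provide highly convenient services while complying with the GDPR, attention should be paid to the following points.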
Protecting personal information at ticket purchase
As online ticket purchase becomes the norm, it is important to protect customers' personal information appropriately. A ticket purchase form should collect only the minimum information necessary and explain clearly the purpose for which the data will be used. Highly sensitive data such as credit card information must also be protected by measures such as encryption.
Specifically, the following measures can be considered.
- Encrypting communications with SSL/TLS
- Not retaining credit card information (tokenization)
- Deploying a WAF (web application firewall) to prevent unauthorized access
- Carrying out regular security audits
Responding to the rights of railway users
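The GDPR strengthens the rights of data subjects (individuals). Railway companies are required to respond to the exercise of rights such as the following.
Type of right | Description | Example response |
---|---|---|
Right of access | The right to access one's own personal data and to obtain information such as the purposes of use and the recipients | Responding promptly to requests for disclosure of personal data |
Right to rectification | The right to have inaccurate personal data corrected | Providing a form for requesting correction of personal data |
Right to erasure (right to be forgotten) | The right to have personal data deleted | Providing a form for requesting deletion of personal data; identifying the data to be deleted and deleting it reliably |
Right to data portability | The right to receive personal data in a machine-readable format and transfer it to another company | Providing a personal data export function |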
To respond properly when these rights are exercised, internal arrangements and employee training are indispensable. It is also important for the privacy policy to explain the rights of data subjects clearly and to state how they can be exercised.
Preventing data leaks and security measures
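A leak of personal data not only does serious damage to trust in a company but also carries the risk of large fines. Railway companies need to put in place technical and organizational security control measures to prevent data leaks.
Specifically, the following measures can be considered.
- Restricting access to data through access control
- Protecting stored data and data in transit through encryption
- Detecting unauthorized access through log management and monitoring
- Carrying out regular vulnerability assessments and penetration tests
- Establishing an emergency response structure for when incidents occur
- Supervising contractors and concluding data protection agreements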
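Implementing these measures effectively depends on securing highly specialized personnel and on continuous education and training. Security measures are also not a one-off exercise: they require constant review and improvement so that the organization can always respond to the latest threats.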
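While responding to the GDPR is a heavy burden for companies, it is also an important effort that leads to customer trust and higher brand value. For the railway industry, maintaining a high standard in personal information protection, in addition to safety and convenience, can be called an indispensable element of sustained growth. The industry as a whole is expected to work toward strengthening personal information protection arrangements in light of the GDPR.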
Summary
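The GDPR is a strict regulation that came into force in 2018 to strengthen the protection of EU citizens' personal information. The railway industry is no exception, and is required to manage appropriately the personal information it handles through ticket reservations, membership services and the like. Responding to the GDPR requires a range of efforts, including obtaining consent for the collection and use of personal data, appointing a data protection officer, and strengthening security measures. Carrying these out properly leads not only to legal compliance but also to customer trust and higher brand value. For the railway industry, maintaining a high standard in personal information protection alongside safety and convenience can be called an important element of sustained growth.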