book

Data Privacy and GDPR Handbook

by Sanjay Sharma

November 2019

Beginner to intermediate

496 pages

15h 32m

English

Wiley

Read now

Unlock full access

1.1 Questions and Challenges of Data Privacy1.2 The Conundrum of Voluntary Information1.3 What Is Data Privacy?1.4 Doctrine of Information Privacy1.5 Notice-and-Choice versus Privacy-as-Trust1.6 Notice-and-Choice in the US1.7 Enforcement of Notice-and-Choice Privacy Laws1.8 Privacy-as-Trust: An Alternative Model71.9 Applying Privacy-as-Trust in Practice: The US Federal Trade Commission1.10 Additional Challenges in the Era of Big Data and Social Robots1.11 The General Data Protection Regulation (GDPR)1.12 Chapter OverviewNotes
2.1 Privacy as One’s Castle2.2 Extending Beyond the “Castle”2.3 Formation of Privacy Tort Laws2.4 The Roots of Privacy in Europe and the Commonwealth2.5 Privacy Encroachment in the Digital Age2.6 The Gramm-Leach-Bliley Act Tilted the Dynamic against Privacy2.7 Emergence of Economic Value of Individual Data for Digital Businesses2.8 Legislative Initiatives to Protect Individuals’ Data Privacy2.9 The EU Path2.10 End of the Wild West?2.11 Data as an Extension of Personal Privacy2.12 Cambridge Analytica: A Step Too Far2.13 The Context of Privacy in Law EnforcementSummaryNotes
3.1 When Does GDPR Apply?3.2 The Key Players under GDPR3.3 Territorial Scope of GDPR3.4 Operation of Public International LawNotes
4.1 Accountability4.2 The Data Controller4.3 Technical and Organizational Measures4.4 Duty to Maintain Records of Processing Activities4.5 Data Protection Impact Assessments4.6 The Data Protection Officer4.7 Data Protection by Design and Default4.8 Data Security during Processing4.9 Personal Data Breaches4.10 Codes of Conduct and Certifications4.11 The Data ProcessorNotes
5.1 The Central Principles of Processing5.2 Legal Grounds for Data Processing5.3 International Data Transfers5.4 Intragroup Processing Privileges5.5 Cooperation Obligation on EU Bodies5.6 Foreign Law in Conflict with GDPRNotes
6.1 The Controller’s Duty of Transparency6.2 The Digital Miranda Rights6.3 The Right of Access6.4 Right of Rectification6.5 Right of Erasure6.6 Right to Restriction6.7 Right to Data Portability6.8 Rights Relating to Automated Decision Making6.9 Restrictions on Data Subject RightsNotes
7.1 In-House Mechanisms7.2 Data Subject Representation7.3 The Supervisory Authorities7.4 Judicial Remedies7.5 Alternate Dispute Resolution7.6 Forum Selection Clauses7.7 Challenging the Existing LawNotes
8.1 Allocating Liability8.2 Compensation8.3 Administrative Fines8.4 Processing Injunctions8.5 Specific PerformanceNotes
9.1 Member State Legislations9.2 Processing in the “Public Interest”9.3 Public Interest and the Rights of a Data Subject9.4 Organizational Exemptions and Responsibilities9.5 Public Documents and Data9.6 Archiving9.7 Handling Government Subpoenas9.8 Public Interest Restrictions on GDPR9.9 Processing and Freedom of Information and Expression9.10 State Use of Encrypted Data9.11 Employee Data ProtectionNotes

10.1 Step 1: Establish a “Point Person”10.2 Step 2: Internal Data Audit10.3 Step 3: Budgeting10.4 Step 4: Levels of Compliance Needed10.5 Step 5: Sizing Up the Compliance Department10.6 Step 6: Curating the Department to Your Needs10.7 Step 7: Bring Processor Partners into Compliance10.8 Step 8: Bring Affiliates into Compliance10.9 Step 9: The Security of Processing10.10 Step 10: Revamping Confidentiality Procedures10.11 Step 11: Record Keeping10.12 Step 12: Educate Employees on New Protocols10.13 Step 13: Privacy Policies and User Consent10.14 Step 14: Get Certified10.15 Step 15: Plan for the Worst Case Scenario10.16 ConclusionNotes
11.1 Social Networking as an Explosive Global Phenomenon11.2 Facebook Is Being Disparaged for Its Data Privacy Practices11.3 Facebook Has Consistently Been in Violation of GDPR Standards11.4 The Charges against Facebook11.5 What Is Facebook?11.6 A Network within the Social Network11.7 No Shortage of “Code of Conduct” Policies11.8 Indisputable Ownership of Online Human Interaction11.9 Social Networking as a Mission11.10 Underlying Business Model11.11 The Apex of Sharing and Customizability11.12 Bundling of Privacy Policies11.13 Covering All Privacy Policy Bases11.14 Claims of Philanthropy11.15 Mechanisms for Personal Data Collection11.16 Advertising: The Big Revenue Kahuna11.17 And Then There Is Direct Marketing11.18 Our Big (Advertiser) Brother11.19 A Method to Snooping on Our Clicks11.20 What Do We Control (or Think We Do)?11.21 Even Our Notifications Can Produce Revenue11.22 Extent of Data Sharing11.23 Unlike Celebrities, We Endorse without Compensation11.24 Whatever Happened to Trust11.25 And to Security of How We Live11.26 Who Is Responsible for Security of Our Life Data?11.27 And Then There Were More11.28 Who Is Responsible for Content?11.29 Why Should Content Be Moderated?11.30 There Are Community Standards11.31 Process for Content Moderation11.32 Prospective Content Moderation “Supreme Court”11.33 Working with Governmental Regimes11.34 “Live” Censorship11.35 Disinformation and “Fake” News11.36 ConclusionNotes
12.1 The Lead Supervisory Authority12.2 Facebook nicht spricht Deutsch12.3 Where Is the Beef? Fulfilling the Information Obligation12.4 Data Processing Purpose Limitation12.5 Legitimate Interests Commercial “Restraint” Needed12.6 Privacy by Design?12.7 Public Endorsement of Personalized Shopping12.8 Customizing Data Protection12.9 User Rights versus Facebook’s Obligations12.10 A Digital Blueprint and a GDPR Loophole12.11 Investigations Ahead12.12 Future ProjectsNotes
13.1 Our Second Brain13.2 Utopian or Dystopian?13.3 Digital Empowerment: Leveling the Playing FieldNotes
20142015201620172018Notes

Content preview from Data Privacy and GDPR Handbook

3GDPR’s Scope of Application

Virtue is more to be feared than vice, because its excesses are not subject to the regulation of conscience.

— Adam Smith

Businesses and other organizations process data as a central component of their workflow or otherwise store data of their employees, customers or affiliates, etc. GDPR has broad scope and can be generally assumed to apply to all aspects of businesses and other organizations that receive personal data. Large Data Collectors must adapt and adhere to GDPR to reduce their exposure to liability in the long run. However, smaller businesses and organizations, particularly those or which principal activity does not entail receiving individual data, would find it hard to sustain the cost of ongoing GDPR compliance and would be concerned regarding the extent to which the regulation applies to their business activities. They have to balance between minimal processing, storage, and usage restrictions for individual information that may entail regulatory and reputational risks with comprehensive frameworks that would be cost prohibitive. Toward this goal, an evaluation of the applicability of GDPR is a critical first step toward its compliance. In this chapter we provide a framework for the assessment of the applicability of GDPR for individual businesses and organizations.

3.1 When Does GDPR Apply?

GDPR applies to all processing of personal data regarding the EU and its citizens.¹ This deliberately broad definition establishes a universal ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Start your free trial

Publisher Resources

ISBN: 9781119594246Purchase book

Data Privacy and GDPR Handbook

by Sanjay Sharma

3GDPR’s Scope of Application

3.1 When Does GDPR Apply?

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

You might also like

Data Privacy

Practical Data Privacy

IAPP CIPP / US Certified Information Privacy Professional Study Guide

Data Center Handbook, 2nd Edition

Publisher Resources

3.1 When Does GDPR Apply?

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,and much more.

You might also like

Data Privacy

Practical Data Privacy

IAPP CIPP / US Certified Information Privacy Professional Study Guide

Data Center Handbook, 2nd Edition

Publisher Resources

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.