EU General Data Protection Regulation (GDPR), third edition - An Implementation and Compliance Guide

Book description

EU GDPR – An Implementation and Compliance Guide is a perfect companion for anyone managing a GDPR compliance project. It explains the changes you need to make to your data protection and information security regimes and tells you exactly what you need to do to avoid severe financial penalties.

Table of contents

  1. Cover
  2. Title Page
  3. Copyright Page
  4. About The Author
  5. Contents
  6. Introduction
    1. The purpose of the GDPR
    2. Structure of the Regulation
    3. Impact on the EU
    4. Implementing the GDPR
    5. Key definitions
  7. Chapter 1: Scope, controllers and processors
    1. Scope of the GDPR
    2. Controller and processor
    3. Data controllers
    4. Joint controllers
    5. Data processors
    6. Controllers that are processors
    7. Controllers and processors outside the EU
    8. Records of processing
    9. Demonstrating compliance
  8. Chapter 2: Six data processing principles
    1. Principle 1: Lawfulness, fairness and transparency
    2. Principle 2: Purpose limitation
    3. Principle 3: Data minimisation
    4. Principle 4: Accuracy
    5. Principle 5: Storage limitation
    6. Principle 6: Integrity and confidentiality
    7. Accountability and compliance
  9. Chapter 3: Data subjects’ rights
    1. Fair processing
    2. The right to access
    3. The right to rectification
    4. The right to be forgotten
    5. The right to restriction of processing
    6. The right to data portability
    7. The right to object
    8. Rights in relation to automated decision-making
  10. Chapter 4: Privacy compliance frameworks
    1. Material scope
    2. Territorial scope
    3. Governance
    4. Objectives
    5. Key processes
    6. Personal information management systems
    7. ISO/IEC 27001:2013
    8. Selecting and implementing a compliance framework
    9. Implementing the framework
  11. Chapter 5: Information security as part of data protection
    1. Personal data breaches
    2. Anatomy of a data breach
    3. Sites of attack
    4. Securing your information
    5. ISO 27001
    6. Ten Steps to Cyber Security
    7. Cyber Essentials
    8. NIST standards
    9. The information security policy
    10. Assuring information security
    11. Governance of information security
    12. Information security beyond the organisation’s borders
  12. Chapter 6: Lawfulness and consent
    1. Consent in a nutshell
    2. Withdrawing consent
    3. Alternatives to consent
    4. Practicalities of consent
    5. Children
    6. Special categories of personal data
    7. Data relating to criminal convictions and offences
  13. Chapter 7: Subject access requests
    1. Receiving a request
    2. The information to provide
    3. Data portability
    4. Responsibilities of the data controller
    5. Processes and procedures
    6. Options for confirming the requester’s identity
    7. Records to examine
    8. Time and money
    9. Dealing with bulk subject access requests
    10. Right to refusal
    11. The process flow
  14. Chapter 8: Role of the data protection officer
    1. Voluntary designation of a data protection officer
    2. Undertakings that share a DPO
    3. DPO on a service contract
    4. Publication of DPO contact details
    5. Position of the DPO
    6. Necessary resources
    7. Acting in an independent manner
    8. Protected role of the DPO
    9. Conflicts of interest
    10. Specification of the DPO
    11. Duties of the DPO
    12. The DPO and the organisation
    13. The DPO and the supervisory authority
    14. Data protection impact assessments and risk management
    15. In-house or contract
  15. Chapter 9: Data mapping
    1. Objectives and outcomes
    2. Four elements of data flow
    3. Data mapping, DPIAs and risk management
  16. Chapter 10: Requirements for data protection impact assessments
    1. DPIAs
    2. After the DPIA
    3. Consulting with stakeholders
    4. Who needs to be involved?
    5. Data protection by design and by default
  17. Chapter 11: Risk management and DPIAs
    1. DPIAs as part of risk management
    2. Risk management standards and methodologies
    3. Risk responses
    4. Risk relationships
    5. Risk management and personal data
  18. Chapter 12: Conducting DPIAs
    1. Five key stages of the DPIA
    2. Identify the need for the DPIA
    3. Objectives and outcomes
    4. Consultation
    5. Describe the information flow
    6. Identify privacy and related risks
    7. Identify and evaluate privacy solutions
    8. Sign off and record the outcome
    9. Integrating the DPIA into the project plan
  19. Chapter 13: Managing personal data internationally
    1. Key requirements
    2. Adequacy decisions
    3. Safeguards
    4. Binding corporate rules
    5. Standard contractual clauses
    6. The EU-US Privacy Shield
    7. Privacy Shield Principles
    8. Limited transfers
    9. Cloud services
  20. Chapter 14: Incident response management and reporting
    1. Notification
    2. Events vs incidents
    3. Types of incident
    4. Cyber security incident response plans
    5. Key roles in incident management
    6. Prepare
    7. Respond
    8. Follow up
  21. Chapter 15: GDPR enforcement
    1. The hierarchy of authorities
    2. One-stop-shop mechanism
    3. Duties of supervisory authorities
    4. Powers of supervisory authorities
    5. Duties and powers of the European Data Protection Board
    6. Data subjects’ rights to redress
    7. Administrative fines
    8. The Regulation’s impact on other laws
  22. Chapter 16: Transitioning and demonstrating compliance
    1. Transition frameworks
    2. Transition – understanding the changes from DPD to GDPR
    3. Using policies to demonstrate compliance
    4. Codes of conduct and certification mechanisms
  23. Appendix 1: Index of the Regulation
  24. Appendix 2: EU/EEA national supervisory authorities
  25. Appendix 3: Implementation FAQ
  26. IT Governance resources

Product information

  • Title: EU General Data Protection Regulation (GDPR), third edition - An Implementation and Compliance Guide
  • Author(s): IT Governance
  • Release date: October 2019
  • Publisher(s): IT Governance Publishing
  • ISBN: None