book

EU General Data Protection Regulation (GDPR): An Implementation and Compliance Guide

Name: EU General Data Protection Regulation (GDPR): An Implementation and Compliance Guide
Author: IT Governance Privacy Team
ISBN: 9781849288378

by IT Governance Privacy Team

November 2016

Intermediate to advanced

312 pages

6h 1m

English

IT Governance Publishing

Read now

Unlock full access

Cover
Title
Copyright
About the Author
Contents
Introduction
The purpose of the GDPRStructure of the RegulationImpact on the EUImplementing the GDPRKey definitions
Chapter 1: Privacy Compliance Frameworks
Material scopeTerritorial scopeGovernanceObjectivesKey processesPersonal information management systemsISO/IEC 27001:2013Selecting and implementing a compliance frameworkImplementing the framework
Chapter 2: Role of the Data Protection Officer
Voluntary designation of a Data Protection OfficerUndertakings that share a DPODPO on a service contractPublication of DPO contact detailsPosition of the DPONecessary resourcesActing in an independent mannerProtected role of the DPOConflicts of interestSpecification of the DPODuties of the DPOThe DPO and the organisationThe DPO and the supervisory authorityData protection impact assessments and risk managementIn house or contract
Chapter 3: Common Data Security Failures
Personal data breachesAnatomy of a data breachSites of attackSecuring your informationISO 27001Ten Steps to Cyber SecurityCyber EssentialsNIST standardsThe information security policyAssuring information securityGovernance of information securityInformation security beyond the organisation’s borders
Chapter 4: Six Data Protection Principles
Principle 1: Lawfulness, fairness and transparencyPrinciple 2: Purpose limitationPrinciple 3: Data minimisationPrinciple 4: AccuracyPrinciple 5: Storage limitationPrinciple 6: Integrity and confidentialityAccountability and compliance

Chapter 5: Requirements for Data Protection Impact Assessments
Data protection impact assessmentsWhen to conduct a DPIAWho needs to be involvedData protection by design and by default
Chapter 6: Risk Management and DPIAs
DPIAs as part of risk managementRisk management standards and methodologiesRisk responsesRisk relationshipsRisk management and personal data
Chapter 7: Data Mapping
Objectives and outcomesFour elements of data flowData mapping, DPIAs and risk management
Chapter 8: Conducting DPIAs
Reasons for conducting a DPIAObjectives and outcomesConsultationFive key stages of the DPIAIntegrating the DPIA into the project plan
Chapter 9: Data Subjects’ Rights
Fair processingThe right to accessThe right to rectificationThe right to be forgottenThe right to restriction of processingThe right to data portabilityThe right to objectThe right to appropriate decision making
Chapter 10: Consent
Consent in a nutshellWithdrawing consentAlternatives to consentPracticalities of consentChildrenSpecial categories of personal dataData relating to criminal convictions and offences
Chapter 11: Subject Access Requests
The information to provideData portabilityResponsibilities of the data controllerProcesses and proceduresOptions for confirming the requester’s identityRecords to examineTime and moneyDealing with bulk subject access requestsRight to refusal
Chapter 12: Controllers and Processors
Data controllersJoint controllersData processorsControllers that are processorsControllers and processors outside the EURecords of processingDemonstrating compliance
Chapter 13: Managing Personal Data Internationally
Key requirementsAdequacy decisionsSafeguardsBinding corporate rulesThe EU-US Privacy ShieldPrivacy Shield PrinciplesLimited transfersCloud services
Chapter 14: Incident Response Management and Reporting
NotificationEvents vs incidentsTypes of incidentCyber security incident response plansKey roles in incident managementPrepareRespondFollow up
Chapter 15: GDPR Enforcement
The hierarchy of authoritiesOne-stop-shop mechanismDuties of supervisory authoritiesPowers of supervisory authoritiesDuties and powers of the European Data Protection BoardData subjects’ rights to redressAdministrative finesThe Regulation’s impact on other laws
Chapter 16: Transitioning and Demonstrating Compliance
Transition frameworksTransition – understanding the changes from DPD to GDPRUsing policies to demonstrate complianceCodes of conduct and certification mechanisms
Appendix 1: Index of the Regulation
Appendix 2: EU/EEA National Supervisory Authorities
Appendix 3: Implementation FAQs
ITG Resources

Content preview from EU General Data Protection Regulation (GDPR): An Implementation and Compliance Guide

CHAPTER 2: ROLE OF THE DATA PROTECTION OFFICER

The GDPR takes a role that already exists in some organisations, that of the data protection officer (DPO), and gives it statutory importance.

Within Chapter IV of the GDPR, Articles 37-39, lay out the requirements for appointing a DPO, as well as their specification, role, duties and relationships with other entities (such as data subjects, controllers and processors, etc.).

Whether or not your organisation needs to appoint a DPO comes down to three basic conditions, according to the Regulation.

The controller and the processor shall designate a data protection officer in any case where:

(a) the processing is carried out by a public authority or body, except for courts acting in their judicial ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

EU General Data Protection Regulation (GDPR): An Implementation and Compliance Guide - Second edition

Healthcare Information Privacy and Security: Regulatory Compliance and Data Security in the Age of Electronic Health Records

Bernard Peter Robichau

Publisher Resources

ISBN: 9781849288378

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

EU General Data Protection Regulation (GDPR): An Implementation and Compliance Guide

by IT Governance Privacy Team

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.