book

EU General Data Protection Regulation (GDPR): An Implementation and Compliance Guide - Second edition

Name: EU General Data Protection Regulation (GDPR): An Implementation and Compliance Guide - Second edition
Author: ITGP Privacy Team
ISBN: 9781849289467

by ITGP Privacy Team

August 2017

Intermediate to advanced

381 pages

6h 1m

English

IT Governance Publishing

Read now

Unlock full access

Cover
Title
Copyright
About the Author
Contents
Introduction
The purpose of the GDPRStructure of the RegulationImpact on the EUImplementing the GDPRKey definitions
Chapter 1: Privacy Compliance Frameworks
Material scopeTerritorial scopeGovernanceObjectivesKey processesPersonal information management systemsISO/IEC 27001:2013Selecting and implementing a compliance frameworkImplementing the framework
Chapter 2: Role of the Data Protection Officer
Voluntary designation of a Data Protection OfficerUndertakings that share a DPODPO on a service contractPublication of DPO contact detailsPosition of the DPONecessary resourcesActing in an independent mannerProtected role of the DPOConflicts of interestSpecification of the DPODuties of the DPOThe DPO and the organisationThe DPO and the supervisory authorityData protection impact assessments and risk managementIn house or contract
Chapter 3: Common Data Security Failures
Personal data breachesAnatomy of a data breachSites of attackSecuring your informationISO 27001Ten Steps to Cyber SecurityCyber EssentialsNIST standardsThe information security policyAssuring information securityGovernance of information securityInformation security beyond the organisation’s borders
Chapter 4: Six Data Protection Principles
Principle 1: Lawfulness, fairness and transparencyPrinciple 2: Purpose limitationPrinciple 3: Data minimisationPrinciple 4: AccuracyPrinciple 5: Storage limitationPrinciple 6: Integrity and confidentialityAccountability and compliance

Chapter 5: Requirements for Data Protection Impact Assessments
Data protection impact assessmentsWhen to conduct a DPIAWho needs to be involvedData protection by design and by default
Chapter 6: Risk Management and DPIAs
DPIAs as part of risk managementRisk management standards and methodologiesRisk responsesRisk relationshipsRisk management and personal data
Chapter 7: Data Mapping
Objectives and outcomesFour elements of data flowData mapping, DPIAs and risk management
Chapter 8: Conducting DPIAs
Reasons for conducting a DPIAObjectives and outcomesConsultationFive key stages of the DPIAIntegrating the DPIA into the project plan
Chapter 9: Data Subjects’ Rights
Fair processingThe right to accessThe right to rectificationThe right to be forgottenThe right to restriction of processingThe right to data portabilityThe right to objectThe right to appropriate decision making
Chapter 10: Consent
Consent in a nutshellWithdrawing consentAlternatives to consentPracticalities of consentChildrenSpecial categories of personal dataData relating to criminal convictions and offences
Chapter 11: Subject Access Requests
The information to provideData portabilityResponsibilities of the data controllerProcesses and proceduresOptions for confirming the requester’s identityRecords to examineTime and moneyDealing with bulk subject access requestsRight to refusal
Chapter 12: Controllers and Processors
Data controllersJoint controllersData processorsControllers that are processorsControllers and processors outside the EURecords of processingDemonstrating compliance
Chapter 13: Managing Personal Data Internationally
Key requirementsAdequacy decisionsSafeguardsBinding corporate rulesThe EU-US Privacy ShieldPrivacy Shield PrinciplesLimited transfersCloud services
Chapter 14: Incident Response Management and Reporting
NotificationEvents vs incidentsTypes of incidentCyber security incident response plansKey roles in incident managementPrepareRespondFollow up
Chapter 15: GDPR Enforcement
The hierarchy of authoritiesOne-stop-shop mechanismDuties of supervisory authoritiesPowers of supervisory authoritiesDuties and powers of the European Data Protection BoardData subjects’ rights to redressAdministrative finesThe Regulation’s impact on other laws
Chapter 16: Transitioning and Demonstrating Compliance
Transition frameworksTransition – understanding the changes from DPD to GDPRUsing policies to demonstrate complianceCodes of conduct and certification mechanisms
Appendix 1: Index of the Regulation
Appendix 2: EU/EEA National Supervisory Authorities
Appendix 3: Implementation FAQs
ITG Resources

Overview

The updated second edition of the bestselling guide to the changes your organisation needs to make to comply with the EU GDPR.

“The clear language of the guide and the extensive explanations, help to explain the many doubts that arise reading the articles of the Regulation.”

Giuseppe G. Zorzino

The EU General Data Protection Regulation (GDPR) will supersede the 1995 EU Data Protection Directive (DPD) and all EU member states’ national laws based on it – including the UK Data Protection Act 1998 – in May 2018.

All organisations – wherever they are in the world – that process the personal data of EU residents must comply with the Regulation. Failure to do so could result in fines of up to €20 million or 4% of annual global turnover.

This book provides a detailed commentary on the GDPR, explains the changes you need to make to your data protection and information security regimes, and tells you exactly what you need to do to avoid severe financial penalties.

Product overview

Now in its second edition, EU GDPR – An Implementation and Compliance Guide is a clear and comprehensive guide to this new data protection law, explaining the Regulation, and setting out the obligations of data processors and controllers in terms you can understand.

Topics covered include:

The role of the data protection officer (DPO) – including whether you need one and what they should do.
Risk management and data protection impact assessments (DPIAs), including how, when and why to conduct a DPIA.
Data subjects’ rights, including consent and the withdrawal of consent; subject access requests and how to handle them; and data controllers’ and processors’ obligations.
International data transfers to “third countries” – including guidance on adequacy decisions and appropriate safeguards; the EU-US Privacy Shield; international organisations; limited transfers; and Cloud providers.
How to adjust your data protection processes to transition to GDPR compliance, and the best way of demonstrating that compliance.
A full index of the Regulation to help you find the articles and stipulations relevant to your organisation.

New for the second edition:

Additional definitions.
Further guidance on the role of the DPO.
Greater clarification on data subjects’ rights.
Extra guidance on data protection impact assessments.
More detailed information on subject access requests (SARs).
Clarification of consent and the alternative lawful bases for processing personal data.
New appendix: implementation FAQ.
The GDPR will have a significant impact on organisational data protection regimes around the world. EU GDPR – An Implementation and Compliance Guide shows you exactly what you need to do to comply with the new law.

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

EU General Data Protection Regulation (GDPR) – An implementation and compliance guide, fourth edition

Publisher Resources

ISBN: 9781849289467

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills