The updated second edition of the bestselling guide to the changes your organisation needs to make to comply with the EU GDPR.
“The clear language of the guide and the extensive explanations, help to explain the many doubts that arise reading the articles of the Regulation.”
Giuseppe G. Zorzino
The EU General Data Protection Regulation (GDPR) will supersede the 1995 EU Data Protection Directive (DPD) and all EU member states’ national laws based on it – including the UK Data Protection Act 1998 – in May 2018.
All organisations – wherever they are in the world – that process the personal data of EU residents must comply with the Regulation. Failure to do so could result in fines of up to €20 million or 4% of annual global turnover.
This book provides a detailed commentary on the GDPR, explains the changes you need to make to your data protection and information security regimes, and tells you exactly what you need to do to avoid severe financial penalties.
Now in its second edition, EU GDPR – An Implementation and Compliance Guide is a clear and comprehensive guide to this new data protection law, explaining the Regulation, and setting out the obligations of data processors and controllers in terms you can understand.Topics covered include:
- The role of the data protection officer (DPO) – including whether you need one and what they should do.
- Risk management and data protection impact assessments (DPIAs), including how, when and why to conduct a DPIA.
- Data subjects’ rights, including consent and the withdrawal of consent; subject access requests and how to handle them; and data controllers’ and processors’ obligations.
- International data transfers to “third countries” – including guidance on adequacy decisions and appropriate safeguards; the EU-US Privacy Shield; international organisations; limited transfers; and Cloud providers.
- How to adjust your data protection processes to transition to GDPR compliance, and the best way of demonstrating that compliance.
- A full index of the Regulation to help you find the articles and stipulations relevant to your organisation.
- Additional definitions.
- Further guidance on the role of the DPO.
- Greater clarification on data subjects’ rights.
- Extra guidance on data protection impact assessments.
- More detailed information on subject access requests (SARs).
- Clarification of consent and the alternative lawful bases for processing personal data.
- New appendix: implementation FAQ.
- The GDPR will have a significant impact on organisational data protection regimes around the world. EU GDPR – An Implementation and Compliance Guide shows you exactly what you need to do to comply with the new law.
Table of Contents
- About the Author
- Chapter 1: Privacy Compliance Frameworks
Chapter 2: Role of the Data Protection Officer
- Voluntary designation of a Data Protection Officer
- Undertakings that share a DPO
- DPO on a service contract
- Publication of DPO contact details
- Position of the DPO
- Necessary resources
- Acting in an independent manner
- Protected role of the DPO
- Conflicts of interest
- Specification of the DPO
- Duties of the DPO
- The DPO and the organisation
- The DPO and the supervisory authority
- Data protection impact assessments and risk management
- In house or contract
Chapter 3: Common Data Security Failures
- Personal data breaches
- Anatomy of a data breach
- Sites of attack
- Securing your information
- ISO 27001
- Ten Steps to Cyber Security
- Cyber Essentials
- NIST standards
- The information security policy
- Assuring information security
- Governance of information security
- Information security beyond the organisation’s borders
- Chapter 4: Six Data Protection Principles
- Chapter 5: Requirements for Data Protection Impact Assessments
- Chapter 6: Risk Management and DPIAs
- Chapter 7: Data Mapping
- Chapter 8: Conducting DPIAs
- Chapter 9: Data Subjects’ Rights
- Chapter 10: Consent
- Chapter 11: Subject Access Requests
- Chapter 12: Controllers and Processors
- Chapter 13: Managing Personal Data Internationally
- Chapter 14: Incident Response Management and Reporting
- Chapter 15: GDPR Enforcement
- Chapter 16: Transitioning and Demonstrating Compliance
- Appendix 1: Index of the Regulation
- Appendix 2: EU/EEA National Supervisory Authorities
- Appendix 3: Implementation FAQs
- ITG Resources
- Title: EU General Data Protection Regulation (GDPR): An Implementation and Compliance Guide - Second edition
- Release date: August 2017
- Publisher(s): IT Governance Publishing
- ISBN: 9781849289467