book

EU General Data Protection Regulation (GDPR): An Implementation and Compliance Guide - Second edition

Name: EU General Data Protection Regulation (GDPR): An Implementation and Compliance Guide - Second edition
Author: ITGP Privacy Team
ISBN: 9781849289467

by ITGP Privacy Team

August 2017

Intermediate to advanced

381 pages

6h 1m

English

IT Governance Publishing

Read now

Unlock full access

Cover
Title
Copyright
About the Author
Contents
Introduction
The purpose of the GDPRStructure of the RegulationImpact on the EUImplementing the GDPRKey definitions
Chapter 1: Privacy Compliance Frameworks
Material scopeTerritorial scopeGovernanceObjectivesKey processesPersonal information management systemsISO/IEC 27001:2013Selecting and implementing a compliance frameworkImplementing the framework
Chapter 2: Role of the Data Protection Officer
Voluntary designation of a Data Protection OfficerUndertakings that share a DPODPO on a service contractPublication of DPO contact detailsPosition of the DPONecessary resourcesActing in an independent mannerProtected role of the DPOConflicts of interestSpecification of the DPODuties of the DPOThe DPO and the organisationThe DPO and the supervisory authorityData protection impact assessments and risk managementIn house or contract
Chapter 3: Common Data Security Failures
Personal data breachesAnatomy of a data breachSites of attackSecuring your informationISO 27001Ten Steps to Cyber SecurityCyber EssentialsNIST standardsThe information security policyAssuring information securityGovernance of information securityInformation security beyond the organisation’s borders
Chapter 4: Six Data Protection Principles
Principle 1: Lawfulness, fairness and transparencyPrinciple 2: Purpose limitationPrinciple 3: Data minimisationPrinciple 4: AccuracyPrinciple 5: Storage limitationPrinciple 6: Integrity and confidentialityAccountability and compliance

Chapter 5: Requirements for Data Protection Impact Assessments
Data protection impact assessmentsWhen to conduct a DPIAWho needs to be involvedData protection by design and by default
Chapter 6: Risk Management and DPIAs
DPIAs as part of risk managementRisk management standards and methodologiesRisk responsesRisk relationshipsRisk management and personal data
Chapter 7: Data Mapping
Objectives and outcomesFour elements of data flowData mapping, DPIAs and risk management
Chapter 8: Conducting DPIAs
Reasons for conducting a DPIAObjectives and outcomesConsultationFive key stages of the DPIAIntegrating the DPIA into the project plan
Chapter 9: Data Subjects’ Rights
Fair processingThe right to accessThe right to rectificationThe right to be forgottenThe right to restriction of processingThe right to data portabilityThe right to objectThe right to appropriate decision making
Chapter 10: Consent
Consent in a nutshellWithdrawing consentAlternatives to consentPracticalities of consentChildrenSpecial categories of personal dataData relating to criminal convictions and offences
Chapter 11: Subject Access Requests
The information to provideData portabilityResponsibilities of the data controllerProcesses and proceduresOptions for confirming the requester’s identityRecords to examineTime and moneyDealing with bulk subject access requestsRight to refusal
Chapter 12: Controllers and Processors
Data controllersJoint controllersData processorsControllers that are processorsControllers and processors outside the EURecords of processingDemonstrating compliance
Chapter 13: Managing Personal Data Internationally
Key requirementsAdequacy decisionsSafeguardsBinding corporate rulesThe EU-US Privacy ShieldPrivacy Shield PrinciplesLimited transfersCloud services
Chapter 14: Incident Response Management and Reporting
NotificationEvents vs incidentsTypes of incidentCyber security incident response plansKey roles in incident managementPrepareRespondFollow up
Chapter 15: GDPR Enforcement
The hierarchy of authoritiesOne-stop-shop mechanismDuties of supervisory authoritiesPowers of supervisory authoritiesDuties and powers of the European Data Protection BoardData subjects’ rights to redressAdministrative finesThe Regulation’s impact on other laws
Chapter 16: Transitioning and Demonstrating Compliance
Transition frameworksTransition – understanding the changes from DPD to GDPRUsing policies to demonstrate complianceCodes of conduct and certification mechanisms
Appendix 1: Index of the Regulation
Appendix 2: EU/EEA National Supervisory Authorities
Appendix 3: Implementation FAQs
ITG Resources

Content preview from EU General Data Protection Regulation (GDPR): An Implementation and Compliance Guide - Second edition

CHAPTER 6: RISK MANAGEMENT AND DPIAS

The Regulation notes that controllers and processors “should evaluate the risks inherent in the processing and implement measures to mitigate those risks”¹¹⁵. This same consideration is mentioned several times throughout the Regulation, requiring the controller and the processor to take risks into account at many stages throughout the lifecycle of the personal data in question. While it stops short of saying that the organisation should have an explicit risk management programme, it is clear that a systematic and comprehensive approach is the best way to ensure compliance.

Risk management is now a standard expectation of corporate management and, while smaller organisations might manage risk relatively informally, ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

EU General Data Protection Regulation (GDPR) – An implementation and compliance guide, fourth edition

Publisher Resources

ISBN: 9781849289467

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

EU General Data Protection Regulation (GDPR): An Implementation and Compliance Guide - Second edition

by ITGP Privacy Team

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.