
Intro to GDPR: A Plain English Guide to Compliance (e-book)


Author: Punit Bhatia

Publisher: Advisera Expert Solutions Ltd

Publication date: 2018-04-27

Word count: 145,000

Category: Imported books > Foreign-language originals > Economics/Finance


Book description
Intro to GDPR is written by experienced data protection professional Punit Bhatia. Bhatia has served as the Privacy and Protection Officer in an EU-based bank and as a lecturer at the Solvay Brussels School of Economics and Management. He is a Certified Information Privacy Professional - Europe (CIPP-E), Certified Information Privacy Manager (CIPM), and Certified Outsourcing Professional (COP). Bhatia leads you through the complex journey to GDPR compliance in simple language, with many practical examples. Whether you are a complete beginner or an experienced data protection practitioner, this book is the right resource for you.

Intro to GDPR is a complete guide to compliance. Bhatia uses simple language, understandable to everyone, to lead you from the introduction all the way to getting your organization GDPR compliant. In this book you will learn:

1. Which organisations need to be compliant with the GDPR.
2. Key terms in the GDPR. You will become familiar with the key terms that form the basis of the GDPR: the definitions of “personal data”, “special categories of personal data” and “processing”, the difference between “controller” and “processor”, and others.
3. Myths about the GDPR, such as “the GDPR is only applicable in the EU” and “the GDPR is about fines”.
4. Transparency through the privacy notice. As written in the book, “transparency is one of the key principles in the EU GDPR”, so it is important to understand what transparency and a privacy notice are, as well as the key requirements for and contents of a privacy notice.
5. Data breaches. “GDPR requirements on data breaches are different for controllers and for processors”; this chapter will make you aware of the data breach requirements and the key actions required once a breach is detected.
6. The first thing to do to become compliant, the key factors for remaining compliant with the GDPR, and much more.
Written in plain English, with many practical examples, Intro to GDPR is the only book you need on the subject of GDPR.
Table of contents

ABOUT THE AUTHOR

ACKNOWLEDGEMENTS

1. INTRODUCTION

1.1 Which organisations need to be compliant with the GDPR?

1.2 The positive side of the GDPR

1.3 How is this book structured?

1.4 Who is this book for?

1.5 Additional resources

2. ORIGIN OF PRIVACY AND GDPR BASICS

2.1 Introduction

2.2 History of privacy

2.3 What is the GDPR?

2.4 Objectives of the GDPR

2.5 Who does the GDPR apply to?

2.6 Related frameworks (ISO 27001 and others)

2.7 e-Privacy regulation

2.8 Key terms in the GDPR

2.9 Myths about the GDPR

2.10 Business activities that are most impacted by the GDPR

2.11 Success factors

3. LEGITIMATE PURPOSES, PRINCIPLES AND ROLES

3.1 Introduction

3.2 Legitimate Purposes of processing personal data

3.3 Principles

3.4 Success factors

4. TRANSPARENCY THROUGH THE PRIVACY NOTICE

4.1 Introduction

4.2 What is meant by transparency?

4.3 What is a privacy notice or statement?

4.4 Who is the privacy notice meant for?

4.5 What are the key requirements for a privacy notice?

4.6 What are the contents of a privacy notice?

4.7 Who are the key contributors to a privacy notice?

4.8 How often should this be updated?

4.9 Success factors

5. INVENTORY OF PROCESSING ACTIVITIES AND RETENTION

5.1 Introduction

5.2 Inventory of Processing Activities – What, and why?

5.3 Retention of personal data – What, and why?

5.4 Fulfilling inventory and retention requirements – Who, and how?

5.5 Success factors

6. DATA SUBJECT ACCESS RIGHTS AND CONSENT

6.1 Introduction

6.2 Consent – What is it?

6.3 What are the key requirements related to consent?

6.4 Who is responsible for seeking consent?

6.5 Who are the data subjects who need to provide consent?

6.6 What are the scenarios in which consent may be required?

6.7 Data Subject Access Rights

6.8 Who can make a request in line with Data Subject Access Rights?

6.9 How can a data subject make a request in line with Data Subject Access Rights?

6.10 How long can a company take to answer a DSAR?

6.11 Can the data subject be charged for a DSAR?

6.12 How should a DSAR be handled?

6.13 Are there any exemptions when answering a DSAR?

6.14 Can a DSAR be rejected?

6.15 Success factors

7. DATA PROTECTION IMPACT ASSESSMENT

7.1 Introduction

7.2 What is a Data Protection Impact Assessment?

7.3 What is the purpose of a DPIA?

7.4 When should a DPIA be conducted?

7.5 What are the steps of a DPIA, and who should conduct it?

7.6 Success factors

8. DATA SECURITY AND PRIVACY BY DESIGN

8.1 Introduction

8.2 What is privacy by design?

8.3 What are the consequences of privacy by design?

8.4 What are the policies that should be implemented to ensure security of personal data?

8.5 Best practices to implement privacy by design policies

8.6 Success factors

9. PERSONAL DATA TRANSFERS AND MANAGING THIRD PARTIES

9.1 Introduction

9.2 What is meant by data transfers?

9.3 What are the requirements when transferring data, both in the EU and outside of the EU?

9.3.1 How can data transfers be enabled?

9.3.2 How to manage third parties

9.3.3 Managing existing third parties

9.4 Handling new contracts with third parties

9.5 Success factors

10. DATA BREACHES

10.1 Introduction

10.2 What is a data breach, and what are the fines related to a data breach?

10.3 What are the contents of a data breach notification?

10.4 How should a personal data breach be reported?

10.5 What should be done once a data breach is identified?

10.6 Informing supervisory authorities and data subjects

10.7 What should be done after a data breach?

10.8 Success factors

11. DATA PROTECTION OFFICER

11.1 Introduction

11.2 What is the DPO role, and why is it needed?

11.3 What are the responsibilities of a DPO?

11.4 Can you hire an external DPO?

11.5 Important to note if you choose to appoint a DPO

11.6 Success factors

12. GETTING YOUR ORGANISATION TO GDPR COMPLIANCE

12.1 Introduction

12.2 What is the first thing to do?

12.3 Who are the key stakeholders?

12.4 Establish the project

12.5 Choosing an external consultant

12.6 GDPR readiness assessment

12.7 Identify risks and make a plan

12.8 Define a data protection policy

12.9 Communication

12.10 Awareness and training

12.11 Key success factors to remain compliant with the GDPR

12.12 Review awareness on privacy and protection matters

12.13 Internal or external audit

12.14 Regular reviews and continual improvement

12.15 Keep looking forward

12.16 Success factors

APPENDIX A – PROJECT CHECKLIST FOR EU GDPR IMPLEMENTATION

APPENDIX B – DIAGRAM OF THE EU GDPR IMPLEMENTATION PROCESS

APPENDIX C – KEY DELIVERABLES FOR COMPLIANCE WITH GDPR

BIBLIOGRAPHY
