ABOUT THE AUTHOR
1.1 Which organisations need to be compliant with the GDPR?
1.2 The positive side of the GDPR
1.3 How is this book structured?
1.4 Who is this book for?
1.5 Additional resources
2. ORIGIN OF PRIVACY AND GDPR BASICS
2.2 History of privacy
2.3 What is the GDPR?
2.4 Objectives of the GDPR
2.5 Who does the GDPR apply to?
2.6 Related frameworks (ISO 27001 and others)
2.7 e-Privacy regulation
2.8 Key terms in the GDPR
2.9 Myths about the GDPR
2.10 Business activities that are most impacted by the GDPR
2.11 Success factors
3. LEGITIMATE PURPOSES, PRINCIPLES AND ROLES
3.2 Legitimate Purposes of processing personal data
3.4 Success factors
4. TRANSPARENCY THROUGH THE PRIVACY NOTICE
4.2 What is meant by transparency?
4.3 What is a privacy notice or statement?
4.4 Who is the privacy notice meant for?
4.5 What are the key requirements for a privacy notice?
4.6 What are the contents of a privacy notice?
4.7 Who are the key contributors to a privacy notice?
4.8 How often should this be updated?
4.9 Success factors
5. INVENTORY OF PROCESSING ACTIVITIES AND RETENTION
5.2 Inventory of Processing Activities – What, and why?
5.3 Retention of personal data – What, and why?
5.4 Fulfilling inventory and retention requirements – Who, and how?
5.5 Success factors
6. DATA SUBJECT ACCESS RIGHTS AND CONSENT
6.2 Consent – What is it?
6.3 What are the key requirements related to consent?
6.4 Who is responsible for seeking consent?
6.5 Who are the data subjects who need to provide consent?
6.6 What are the scenarios in which consent may be required?
6.7 Data Subject Access Rights
6.8 Who can make a request in line with Data Subject Access Rights?
6.9 How can a data subject make a request in line with Data Subject Access Rights?
6.10 How long can a company take to answer a DSAR?
6.11 Can the data subject be charged for a DSAR?
6.12 How should a DSAR be handled?
6.13 Are there any exemptions when answering a DSAR?
6.14 Can a DSAR be rejected?
6.15 Success factors
7. DATA PROTECTION IMPACT ASSESSMENT
7.2 What is a Data Protection Impact Assessment?
7.3 What is the purpose of a DPIA?
7.4 When should a DPIA be conducted?
7.5 What are the steps of a DPIA, and who should conduct it?
7.6 Success factors
8. DATA SECURITY AND PRIVACY BY DESIGN
8.2 What is privacy by design?
8.3 What are the consequences of privacy by design?
8.4 What are the policies that should be implemented to ensure security of personal data?
8.5 Best practices to implement privacy by design policies
8.6 Success factors
9. PERSONAL DATA TRANSFERS AND MANAGING THIRD PARTIES
9.2 What is meant by data transfers?
9.3 What are the requirements when transferring data, both in the EU and outside of the EU?
9.3.1. How can data transfers be enabled?
9.3.2. How to manage third parties
9.3.3. Managing existing third parties
9.4 Handling new contracts with third parties
9.5 Success factors
10. DATA BREACHES
10.2 What is a data breach, and what are the fines related to a data breach?
10.3 What are the contents of a data breach notification?
10.4 How should a personal data breach be reported?
10.5 What should be done once a data breach is identified?
10.6 Informing supervisory authorities and data subjects
10.7 What should be done after a data breach?
10.8 Success factors
11. DATA PROTECTION OFFICER
11.2 What is the DPO role, and why is it needed?
11.3 What are the responsibilities of a DPO?
11.4 Can you hire an external DPO?
11.5 Important to note if you choose to appoint a DPO
11.6 Success factors
12. GETTING YOUR ORGANISATION TO GDPR COMPLIANCE
12.2 What is the first thing to do?
12.3 Who are the key stakeholders?
12.4 Establish the project
12.5 Choosing an external consultant
12.6 GDPR readiness assessment
12.7 Identify risks and make a plan
12.8 Define a data protection policy
12.10 Awareness and training
12.11 Key success factors to remain compliant with the GDPR
12.12 Review awareness on privacy and protection matters
12.13 Internal or external audit
12.14 Regular reviews and continual improvement
12.15 Keep looking forward
12.16 Success factors
APPENDIX A – PROJECT CHECKLIST FOR EU GDPR IMPLEMENTATION
APPENDIX B – DIAGRAM OF THE EU GDPR IMPLEMENTATION PROCESS
APPENDIX C – KEY DELIVERABLES FOR COMPLIANCE WITH GDPR