Rating: 0 out of 5 stars
0 ratings
Ebook206 pages1 hour
Intro to GDPR: A Plain English Guide to Compliance
By Punit Bhatia
Rating: 0 out of 5 stars
()
About this ebook
Intro to GDPR is written by experienced data protection professional Punit Bhatia. Bhatia has served as the Privacy and Protection Officer in an EU-based bank and lecturer at the Solvay Brussels School of Economics and Management. He is Certified Information Privacy Professional ‑ Europe (CIPP-E), Certified Information Privacy Manager (CIPM), and Certified Outsourcing Professional (COP).
Bhatia will lead you through the complex journey to the GDPR compliance with the simple language and many practical examples. Whether you are a complete beginner or experienced data protection practitioner this book is the right resource for you.
Intro to GDPR is a complete guide to compliance. Bhatia uses the simple language, understandable to everyone in order to lead you from the introduction all the way to getting your organization GDPR compliant. In this book you will learn:
1. Which organisations need to be compliant with the GDPR?
2. Key terms in the GDPR. You will get familiarized with key terms that form the basis of the GDPR. You will learn definitions of terms: “Personal data”, “Special categories of personal data”, “Processing” difference between terms “Controller” and “Processor” and others.
3. Myths about the GDPR like “the GDPR is only applicable in the EU”, “The GDPR is about fines” and others.
4. Transparency through the privacy notice. As written in the book, “transparency is one of the key principles in the EU GDPR” so it is important to understand what is transparency and privacy notice but also what are the key requirements and contents of a privacy notice.
5. Data breaches. “GDPR requirements on data breaches are different for controllers and for processors” – this chapter will make you aware of data breach requirements and key actions that are required once a breach is detected.
6. What is the first thing to do to become compliant and what are the key factors to remain compliant with the GDPR, and much more.
Written in plain English, with many practical examples, Intro to GDPR is the only book you need on the subject of GDPR.
Related to Intro to GDPR
Related ebooks
EU General Data Protection Regulation (GDPR) – An implementation and compliance guide, fourth edition Data Protection and Compliance: Second edition Rating: 0 out of 5 stars0 ratingsA Last Minute Hands-on Guide to GDPR Readiness Rating: 0 out of 5 stars0 ratingsISO/IEC 27701:2019: An introduction to privacy information management Rating: 4 out of 5 stars4/5GDPR for DevOp(Sec) - The laws, Controls and solutions Rating: 5 out of 5 stars5/5Data Protection Officer Rating: 3 out of 5 stars3/5The Impact of the General Data Protection Regulation (GDPR) on the Online Advertising Market Rating: 0 out of 5 stars0 ratingsData Protection and the Cloud: Are the risks too great? Rating: 4 out of 5 stars4/5Data Privacy: A runbook for engineers Rating: 0 out of 5 stars0 ratingsA Practical Guide to IT Law Rating: 0 out of 5 stars0 ratingsGDPR-standard data protection staff training: What employees & associates need to know by Dr Paweł Mielniczek Rating: 0 out of 5 stars0 ratingsGDPR - Standard Data Protection System In 16 Steps Rating: 0 out of 5 stars0 ratingsData Governance: Governing data for sustainable business Rating: 0 out of 5 stars0 ratingsData Governance: How to Design, Deploy, and Sustain an Effective Data Governance Program Rating: 4 out of 5 stars4/5The EU Data Protection Code of Conduct for Cloud Service Providers: A guide to compliance Rating: 0 out of 5 stars0 ratingsCyber Security: Essential principles to secure your organisation Rating: 0 out of 5 stars0 ratingsInformation Security Risk Management for ISO27001/ISO27002 Rating: 4 out of 5 stars4/5Information Security Risk Management for ISO 27001/ISO 27002, third edition Rating: 4 out of 5 stars4/5The Cyber Security Handbook – Prepare for, respond to and recover from cyber attacks Rating: 0 out of 5 stars0 ratingsThe Cybersecurity Maturity Model Certification (CMMC) – A pocket guide Rating: 0 out of 5 stars0 ratingsGDPR Compliance A Complete Guide - 2020 Edition Rating: 0 out of 5 stars0 ratingsPCI Compliance: Understand and Implement Effective PCI Data Security Standard Compliance Rating: 5 out of 5 stars5/5IT Outsourcing Contracts: A Legal and Practical Guide Rating: 3 out of 5 stars3/5An Introduction to Information Security and ISO27001:2013: A Pocket Guide Rating: 4 out of 5 stars4/5Information Security Breaches: Avoidance and Treatment based on ISO27001 Rating: 0 out of 5 stars0 ratingsData Breach Preparation and Response: Breaches are Certain, Impact is Not Rating: 0 out of 5 stars0 ratingsThe Case for ISO27001:2013 Rating: 1 out of 5 stars1/5Governance and Internal Controls for Cutting Edge IT Rating: 0 out of 5 stars0 ratingsCloud Security and Governance: Who's on your cloud? Rating: 1 out of 5 stars1/5FISMA and the Risk Management Framework: The New Practice of Federal Cyber Security Rating: 0 out of 5 stars0 ratings
Business & Financial Law For You
Win In Court Every Time Rating: 5 out of 5 stars5/5Business Law Rating: 4 out of 5 stars4/5Legal Guide for Starting & Running a Small Business Rating: 4 out of 5 stars4/5IRAs, 401(k)s & Other Retirement Plans: Strategies for Taking Your Money Out Rating: 4 out of 5 stars4/5The Law (in Plain English) for Nonprofit Organizations Rating: 0 out of 5 stars0 ratingsPain Free Dental Deals: An Entrepreneurial Dentist's Guide To Buying, Selling, and Merging Practices Rating: 0 out of 5 stars0 ratingsCalifornia Employment Law: An Employer's Guide: Revised and Updated for 2022 Rating: 0 out of 5 stars0 ratingsIntroduction to Negotiable Instruments: As per Indian Laws Rating: 5 out of 5 stars5/5Business Organizations: Outlines and Case Summaries: Law School Survival Guides, #10 Rating: 0 out of 5 stars0 ratingsDisloyal: A Memoir: The True Story of the Former Personal Attorney to President Donald J. Trump Rating: 4 out of 5 stars4/5Your Limited Liability Company: An Operating Manual Rating: 0 out of 5 stars0 ratingsLLC: LLC Quick start guide - A beginner's guide to Limited liability companies, and starting a business Rating: 5 out of 5 stars5/5The SHRM Essential Guide to Employment Law, Second Edition: A Handbook for HR Professionals, Managers, Businesses, and Organizations Rating: 0 out of 5 stars0 ratingsInternational Business Law: Cases and Materials Rating: 5 out of 5 stars5/5Nolo's Quick LLC: All You Need to Know About Limited Liability Companies Rating: 5 out of 5 stars5/5Insurance Ethics Training Rating: 5 out of 5 stars5/5AI For Lawyers: How Artificial Intelligence is Adding Value, Amplifying Expertise, and Transforming Careers Rating: 0 out of 5 stars0 ratingsLaw of Leverage: The Key to Exponential Wealth Rating: 4 out of 5 stars4/5S Corporation ESOP Traps for the Unwary Rating: 0 out of 5 stars0 ratingsLegal Guide for Starting & Running a Small Business Rating: 0 out of 5 stars0 ratingsLegalpreneur: The Business Owner's Guide To Legally Protecting Your Business Rating: 0 out of 5 stars0 ratingsMergers and Acquisitions from A to Z Rating: 4 out of 5 stars4/5The Trademark Guide: How You Can Protect and Profit from Trademarks (Third Edition) Rating: 0 out of 5 stars0 ratingsCourage to Stand: Mastering Trial Strategies and Techniques in the Courtroom Rating: 0 out of 5 stars0 ratingsThe Writer's Legal Guide, Fourth Edition Rating: 5 out of 5 stars5/5Sarbanes-Oxley Simplified Rating: 5 out of 5 stars5/5Bookkeepers' Boot Camp: Get a Grip on Accounting Basics Rating: 5 out of 5 stars5/5Employment Law (in Plain English) Rating: 0 out of 5 stars0 ratingsThe Chickenshit Club: Why the Justice Department Fails to Prosecute Executives Rating: 5 out of 5 stars5/5
Related podcast episodes
The Foolproof Way To Pass The CIPPE Exam In 2 Weeks 0% found this document usefulHow to Negotiate: Evan Davis and guests discuss the skills and techniques needed to reach a win-win deal. 100% found this document usefulData protection principles: 7 principles that are critical to driving growth 0% found this document usefulSpecialist Topic - GDPR Made Simple With Kim Bradford 0% found this document usefulIn Conversation With Eduardo Ustaran 0% found this document usefulEP12 Data Protection & Law Enforcement Directive: Business & Decision Expert Podcast strives to ans… 0% found this document usefulSkyrocket Your Privacy Career - How To Be The Go To Choice For Hiring Managers 0% found this document useful#289: Privacy, Data & GDPR Insights (Short Summary Show) 0% found this document usefulHow to Prepare Your HR Data for EU CSRD Reporting (an Interview with Yves Van Durme) 0% found this document usefulTalking ESG: How new EU rules may impact your reporting 0% found this document useful5 Secrets To Build A Privacy First Culture And Prevent Data Breaches 0% found this document useful#139: Data Laws and Data and Privacy Health Checks for Loyalty Professionals 0% found this document usefulPreparing Payroll for GDPR with Richard George #01 0% found this document usefulWhy Your DIY Privacy Strategy Is A Ticking Time Bomb: The Real Cost of Ignoring Experts 0% found this document useful
Related articles
Compliance Is Riskier Than Ever The European Business ReviewArticle
Compliance Is Riskier Than Ever
Jan 31, 2020
4 min readData Compliance Checklist MarketingArticle
Data Compliance Checklist
May 15, 2019
People had a lot to say about Google’s January AU$80 million fine for breaching the General Data Protection Regulation (GDPR) – and rightly so. It was the first time a tech giant suffered a financial penalty under the GDPR. The fine served as a signa
3 min readWhy Is Data Protection Important To Small Businesses Parents in BizArticle
Why Is Data Protection Important To Small Businesses
Jan 24, 2022
3 min readOnline-Privacy Laws Come With a Downside The AtlanticArticle
Online-Privacy Laws Come With a Downside
Jun 3, 2019
6 min readData Protection: Lightening The Load Of Compliance The European Business ReviewArticle
Data Protection: Lightening The Load Of Compliance
Sep 25, 2021
7 min readPopia Gay PagesArticle
Popia
Aug 16, 2021
3 min readDiagnosis: We Have Pii And Ip… Now What? The European Business ReviewArticle
Diagnosis: We Have Pii And Ip… Now What?
Oct 2, 2023
5 min readThe Gold Standard MarketingArticle
The Gold Standard
Jun 6, 2018
9 min readOLIVIA WHITCROFT “I Often See Jaws Drop When I Tell A Busines They Need To Speak About What They’replanning To Do” PC Pro MagazineArticle
OLIVIA WHITCROFT “I Often See Jaws Drop When I Tell A Busines They Need To Speak About What They’replanning To Do”
Sep 7, 2023
6 min read“How Do You Launch A Product Without Alienating Or Damaging Your Customers?” PC Pro MagazineArticle
“How Do You Launch A Product Without Alienating Or Damaging Your Customers?”
Feb 10, 2022
6 min readMarketers: Stop Being A Privacy Liability MarketingArticle
Marketers: Stop Being A Privacy Liability
Jun 6, 2018
Trustworthiness begets a positive customer experience. As a marketer, you intuitively know that having a trustworthy brand is important. Consumers today are also increasingly aware of the value of their personal data. As a result, brands can no longe
2 min readSearching For Privacy NZ MarketingArticle
Searching For Privacy
Dec 8, 2021
6 min readDrawing The Digital Curtains Business TodayArticle
Drawing The Digital Curtains
Jun 25, 2018
8 min readProtecting Data Now Fully Law Finweek - EnglishArticle
Protecting Data Now Fully Law
Sep 4, 2020
South Africa remains vulnerable to the threat posed by data breaches and has been found to have the highest probability of experiencing it. The recent hack of credit data firm Experian SA, in which the personal information of as many as 24m South Afr
4 min readGood Governance for Dark Data: GUIDELINES FOR INDUSTRIAL IOT MANAGERS The European Business ReviewArticle
Good Governance for Dark Data: GUIDELINES FOR INDUSTRIAL IOT MANAGERS
Mar 31, 2020
7 min readLeadership Forum: Making Digital Transformation A Reality Rotman ManagementArticle
Leadership Forum: Making Digital Transformation A Reality
Jan 1, 2018
Glenda Crisp Senior Vice President and Chief Data Officer, TD Bank Group + Connie Bonello Associate Partner, Financial Services, IBM Canada IN MOST OF TODAY’S ORGANIZATIONS, data underpins every transaction, operation and interaction. And yet, the ab
8 min readN° 1 cookie Monster Inc.Article
N° 1 cookie Monster
Aug 12, 2020
8 min readTHE DECADE OF DELETE How New Privacy And Cyber Regulations Will End Organisational Data Hoarding The European Business ReviewArticle
THE DECADE OF DELETE How New Privacy And Cyber Regulations Will End Organisational Data Hoarding
Feb 1, 2023
6 min readEnter the Industry 4.0 Era Today by Using “Dark Data” You Already Have The European Business ReviewArticle
Enter the Industry 4.0 Era Today by Using “Dark Data” You Already Have
Aug 2, 2019
7 min readThe Great Trade-off: Balancing Privacy And Trust In Marketing In The Digital Age NZ MarketingArticle
The Great Trade-off: Balancing Privacy And Trust In Marketing In The Digital Age
Jun 22, 2023
From May 8-12, our Privacy Week 2023 event delved into the ever-pressing question of how to strike a balance between privacy, consumer trust, and the world of marketing. Collaborating with the Office of the Privacy Commissioner, the Marketing Associa
3 min readHow Ready Are You? Finweek - EnglishArticle
How Ready Are You?
Jun 25, 2021
the deadline for the implementation of the remaining provisions of the Protection of Personal Information Act (POPIA) is less than a week away and the gravity of the process has now dawned on people. Many companies have left it too late, despite havi
4 min readIt As The Whipping Boy: Mistakenly Confusing ‘Enterprise It’ With ‘Consumer It’ The European Business ReviewArticle
It As The Whipping Boy: Mistakenly Confusing ‘Enterprise It’ With ‘Consumer It’
Jul 31, 2020
As users of digital technologies in their personal lives, many executives pine for their internal IT systems to give them a similar experience and to be just like IT is in their daily lives. They point to the simplicity, ease of use and hassle free n
9 min read“Our Customer Services Rep Called Them A Twerp–can I With Hold This?” PC Pro MagazineArticle
“Our Customer Services Rep Called Them A Twerp–can I With Hold This?”
Dec 8, 2022
Since the start of the summer, a lucky dip of legal queries has landed on my desk. From subject access requests to restrictive covenants in technology consultancy agreements, and onwards to software development contracts between multiple parties. Dat
6 min readWhere Will You Be In 10 Years? EntrepreneurArticle
Where Will You Be In 10 Years?
Mar 1, 2022
8 min readGDPR - Death Knell or a New Life for Customer Analytics? The European Business ReviewArticle
GDPR - Death Knell or a New Life for Customer Analytics?
Sep 20, 2018
4 min readHow To Keep Data Safe MoneyWeekArticle
How To Keep Data Safe
Feb 3, 2023
2 min readA New Way To Measure Sustainable Investing Fast CompanyArticle
A New Way To Measure Sustainable Investing
May 2, 2023
2 min readData Doesn’t Just Mean Digital NZ MarketingArticle
Data Doesn’t Just Mean Digital
Sep 23, 2019
4 min readPrivacy: The Price Of Trust Inc.Article
Privacy: The Price Of Trust
Aug 17, 2021
How will cybersecurity and data privacy evolve over the next decade? We’re hearing from our customers that cybersecurity and data privacy are increasingly becoming board-level conversations. Companies will start to think about privacy, security, vend
1 min readQuantum Leap MarketingArticle
Quantum Leap
Jul 11, 2019
6 min read
Reviews for Intro to GDPR
Rating: 0 out of 5 stars
0 ratings
0 ratings0 reviews
Book preview
Intro to GDPR - Punit Bhatia
Intro to GDPR
Punit Bhatia
Intro to GDPR
A Plain English Guide to Compliance
Advisera Expert Solutions Ltd
Zagreb, Croatia
Copyright ©2018 by Advisera Expert Solutions Ltd
All rights reserved. No part of this book may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without written permission from the author, except for the inclusion of brief quotations in a review.
Limit of Liability / Disclaimer of Warranty: While the publisher and author have used their best efforts in preparing this book, they make no representation or warranties with respect to the accuracy or completeness of the contents of this book and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose. This book does not contain all information available on the subject. This book has not been created to be specific to any individual’s or organisation’s situation or needs. You should consult with a professional where appropriate. The author and publisher shall have no liability or responsibility to any person or entity regarding any loss or damage incurred, or alleged to have been incurred, directly or indirectly, by the information contained in this book.
First published by Advisera Expert Solutions Ltd
Zavizanska 12, 10000 Zagreb
Croatia
European Union
http://advisera.com/
Editor: Dejan Kosutic.
ISBN: 978-953-8155-18-51
First Edition, 2018
ABOUT THE AUTHOR
Punit Bhatia is a senior professional with more than 18 years of experience in executing change and leading transformation initiatives. Across three continents, Punit has led projects and programs of varying complexity in business and technology. Across multiple industries, he has experience on both sides of the table; i.e., he has served as a consultant who worked for IT consulting companies, and as a key influencer and driver who has defined and delivered change for large enterprises. He has proven expertise in the areas of data privacy, sourcing and vendor management, and digital transformation.
In the last three years, Punit has advised and driven multiple initiatives to ensure compliance with the EU General Data Protection Regulation (GDPR). Part of this effort has involved attending multiple events, exchanging implementation approaches and dialogue with many experts. Based on these experiences, he is an active speaker or panellist at many different GDPR and sourcing events. Punit is also the author of another book: Be Ready for GDPR
, which is available on Amazon in print and e-formats.
An engineer and MBA through qualifications, Punit is a Certified Information Privacy Professional – Europe (CIPP-E), a Certified Information Privacy Manager (CIPM), and a Certified Outsourcing Professional (COP). Punit delivers guest lectures at Solvay Brussels School of Economics and Management on topics of privacy and sourcing.
TABLE OF CONTENTS
ABOUT THE AUTHOR
ACKNOWLEDGEMENTS
1. INTRODUCTION
1.1 WHICH ORGANISATIONS NEED TO BE COMPLIANT WITH THE GDPR?
1.2 THE POSITIVE SIDE OF THE GDPR
1.3 HOW IS THIS BOOK STRUCTURED?
1.4 WHO IS THIS BOOK FOR?
1.5 ADDITIONAL RESOURCES
2. ORIGIN OF PRIVACY AND GDPR BASICS
2.1 INTRODUCTION
2.2 HISTORY OF PRIVACY
2.3 WHAT IS THE GDPR?
2.4 OBJECTIVES OF THE GDPR
2.5 WHO DOES THE GDPR APPLY TO?
2.6 RELATED FRAMEWORKS (ISO 27001 AND OTHER)
2.7 E-PRIVACY REGULATION
2.8 KEY TERMS IN THE GDPR
2.9 MYTHS ABOUT THE GDPR
2.10 BUSINESS ACTIVITIES THAT ARE MOST IMPACTED BY THE GDPR
2.11 SUCCESS FACTORS
3. LEGITIMATE PURPOSES, PRINCIPLES AND ROLES
3.1 INTRODUCTION
3.2 LEGITIMATE PURPOSES OF PROCESSING PERSONAL DATA
3.3 PRINCIPLES
3.4 SUCCESS FACTORS
4. TRANSPARENCY THROUGH THE PRIVACY NOTICE
4.1 INTRODUCTION
4.2 WHAT IS MEANT BY TRANSPARENCY?
4.3 WHAT IS A PRIVACY NOTICE OR STATEMENT?
4.4 WHO IS THE PRIVACY NOTICE MEANT FOR?
4.5 WHAT ARE THE KEY REQUIREMENTS FOR A PRIVACY NOTICE?
4.6 WHAT ARE THE CONTENTS OF A PRIVACY NOTICE?
4.7 WHO ARE THE KEY CONTRIBUTORS TO A PRIVACY NOTICE?
4.8 HOW OFTEN SHOULD THIS BE UPDATED?
4.9 SUCCESS FACTORS
5. INVENTORY OF PROCESSING ACTIVITIES AND RETENTION
5.1 INTRODUCTION
5.2 INVENTORY OF PROCESSING ACTIVITIES – WHAT, AND WHY?
5.3 RETENTION OF PERSONAL DATA – WHAT, AND WHY?
5.4 FULFILLING INVENTORY AND RETENTION REQUIREMENTS – WHO, AND HOW?
5.5 SUCCESS FACTORS
6. DATA SUBJECT ACCESS RIGHTS AND CONSENT
6.1 INTRODUCTION
6.2 CONSENT – WHAT IS IT?
6.3 WHAT ARE THE KEY REQUIREMENTS RELATED TO CONSENT?
6.4 WHO IS RESPONSIBLE FOR SEEKING CONSENT?
6.5 WHO ARE THE DATA SUBJECTS WHO NEED TO PROVIDE CONSENT?
6.6 WHAT ARE THE SCENARIOS IN WHICH CONSENT MAY BE REQUIRED?
6.7 DATA SUBJECT ACCESS RIGHTS
6.8 WHO CAN MAKE A REQUEST IN LINE WITH DATA SUBJECT ACCESS RIGHTS?
6.9 HOW CAN A DATA SUBJECT MAKE A REQUEST IN LINE WITH DATA SUBJECT ACCESS RIGHTS?
6.10 HOW LONG CAN A COMPANY TAKE TO ANSWER A DSAR?
6.11 CAN THE DATA SUBJECT BE CHARGED FOR A DSAR?
6.12 HOW SHOULD A DSAR BE HANDLED?
6.13 ARE THERE ANY EXEMPTIONS WHEN ANSWERING A DSAR?
6.14 CAN A DSAR BE REJECTED?
6.15 SUCCESS FACTORS
7. DATA PROTECTION IMPACT ASSESSMENT
7.1 INTRODUCTION
7.2 WHAT IS A DATA PROTECTION IMPACT ASSESSMENT?
7.3 WHAT IS THE PURPOSE OF A DPIA?
7.4 WHEN SHOULD A DPIA BE CONDUCTED?
7.5 WHAT ARE THE STEPS OF A DPIA, AND WHO SHOULD CONDUCT IT?
7.6 SUCCESS FACTORS
8. DATA SECURITY AND PRIVACY BY DESIGN
8.1 INTRODUCTION
8.2 WHAT IS PRIVACY BY DESIGN?
8.3 WHAT ARE THE CONSEQUENCES OF PRIVACY BY DESIGN?
8.4 WHAT ARE THE POLICIES THAT SHOULD BE IMPLEMENTED TO ENSURE SECURITY OF PERSONAL DATA?
8.5 BEST PRACTICES TO IMPLEMENT PRIVACY BY DESIGN POLICIES
8.6 SUCCESS FACTORS
9. PERSONAL DATA TRANSFERS AND MANAGING THIRD PARTIES
9.1 INTRODUCTION
9.2 WHAT IS MEANT BY DATA TRANSFERS?
9.3 WHAT ARE THE REQUIREMENTS WHEN TRANSFERRING DATA, BOTH IN THE EU AND OUTSIDE OF THE EU?
9.3.1. HOW CAN DATA TRANSFERS BE ENABLED?
9.3.2. HOW TO MANAGE THIRD PARTIES
9.3.3. MANAGING EXISTING THIRD PARTIES
9.4 HANDLING NEW CONTRACTS WITH THIRD PARTIES
9.5 SUCCESS FACTORS
10. DATA BREACHES
10.1 INTRODUCTION
10.2 WHAT IS A DATA BREACH, AND WHAT ARE THE FINES RELATED TO A DATA BREACH?
10.3 WHAT ARE THE CONTENTS OF A DATA BREACH NOTIFICATION?
10.4 HOW SHOULD A PERSONAL DATA BREACH BE REPORTED?
10.5 WHAT SHOULD BE DONE ONCE A DATA BREACH IS IDENTIFIED?
10.6 INFORMING SUPERVISORY AUTHORITIES AND DATA SUBJECTS
10.7 WHAT SHOULD BE DONE AFTER A DATA BREACH?
10.8 SUCCESS FACTORS
11. DATA PROTECTION OFFICER
11.1 INTRODUCTION
11.2 WHAT IS THE DPO ROLE, AND WHY IS IT NEEDED?
11.3 WHAT ARE THE RESPONSIBILITIES OF A DPO?
11.4 CAN YOU HIRE AN EXTERNAL DPO?
11.5 IMPORTANT TO NOTE IF YOU CHOSE TO APPOINT A DPO
11.6 SUCCESS FACTORS
12. GETTING YOUR ORGANISATION TO GDPR COMPLIANCE
12.1 INTRODUCTION
12.2 WHAT IS THE FIRST THING TO DO?
12.3 WHO ARE THE KEY STAKEHOLDERS?
12.4 ESTABLISH THE PROJECT
12.5 CHOOSING AN EXTERNAL CONSULTANT
12.6 GDPR READINESS ASSESSMENT
12.7 IDENTIFY RISKS AND MAKE A PLAN
12.8 DEFINE A DATA PROTECTION POLICY
12.9 COMMUNICATION
12.10 AWARENESS AND TRAINING
12.11 KEY SUCCESS FACTORS TO REMAIN COMPLIANT WITH THE GDPR
12.12 REVIEW AWARENESS ON PRIVACY AND PROTECTION MATTERS
12.13 INTERNAL OR EXTERNAL AUDIT
12.14 REGULAR REVIEWS AND CONTINUAL IMPROVEMENT
12.15 KEEP LOOKING FORWARD
12.16 SUCCESS FACTORS
APPENDIX A – PROJECT CHECKLIST FOR EU GDPR IMPLEMENTATION
APPENDIX B – DIAGRAM OF THE EU GDPR IMPLEMENTATION PROCESS
APPENDIX C – KEY DELIVERABLES FOR COMPLIANCE WITH GDPR
BIBLIOGRAPHY
ACKNOWLEDGEMENTS
Thank you to Namita Bhatia (my wife), for being patient with my ideas.
To Yash Bhatia (my son), for bringing new ideas and energy into my life.
And to Dejan Kosutic, for reviewing this book and improving it.
And, special thanks go to all my family, colleagues and friends who stand by me, work with me, and challenge me to learn every day. I also take this opportunity to thank Advisera for publishing this book.
1. INTRODUCTION
The European Union General Data Protection Regulation (GDPR) is a key regulation in the field of privacy. So, in this section, we’ll cover the following:
Which companies need to be compliant with GDPR?
How is this book structured?
Who is this book for?
Note: Beyond the above questions, this book elaborates on the key requirements of GDPR and provides a simple introduction to setting and monitoring your GDPR compliance project.
1.1 Which organisations need to be compliant with the GDPR?
The General Data Protection Regulation is a significant piece of legislation, applicable to the processing of personal data of individuals in the European Union. The key
Enjoying the preview?
Page 1 of 1