EU General Data Protection Regulation (GDPR) - an Implementation and Compliance Guide, Fourth Edition
Now in its fourth edition, this bestselling guide is the ideal companion for anyone carrying out a GDPR (General Data Protection Regulation) compliance project. It provides comprehensive guidance and practical advice on complying with the Regulation
| Main Author: | |
|---|---|
| Format: | eBook |
| Language: | English |
| Published: |
Ely
IT Governance Ltd
2020
|
| Subjects: | |
| Online Access: | |
| Collection: | O'Reilly - Collection details see MPG.ReNa |
Table of Contents:
- Chapter 2: Data processing principles
- Principle 1: Lawfulness, fairness and transparency
- Principle 2: Purpose limitation
- Principle 3: Data minimisation
- Principle 4: Accuracy
- Principle 5: Storage limitation
- Principle 6: Integrity and confidentiality
- Accountability and compliance
- Chapter 3: Data subjects' rights
- Fair processing
- The right to access
- The right to rectification
- The right to be forgotten
- The right to restriction of processing
- The right to data portability
- The right to object
- Rights in relation to automated decision-making
- Options for confirming the requester's identity
- Records to examine
- Time and money
- Dealing with bulk subject access requests
- Right to refusal
- The process flow
- Chapter 8: Role of the data protection officer
- Voluntary designation of a data protection officer
- Undertakings that share a DPO
- DPO on a service contract
- Publication of DPO contact details
- Position of the DPO
- Necessary resources
- Acting in an independent manner
- Protected role of the DPO
- Conflicts of interest
- Specification of the DPO
- Duties of the DPO
- The DPO and the organisation
- Part 2: Building compliance
- Chapter 4: Privacy compliance frameworks
- Material scope
- Territorial scope
- Governance
- Objectives
- Key processes
- Personal information management systems
- ISO/IEC 27001: 2013
- Selecting and implementing a compliance framework
- Implementing the framework
- Chapter 5: Information security as part of data protection
- Personal data breaches
- Anatomy of a data breach
- Sites of attack
- Securing your information
- ISO 27001
- NIST standards
- Ten Steps to Cyber Security
- Cyber Essentials
- The information security policy
- Cover
- Title
- Copyright
- About the Author
- Contents
- Introduction
- The purpose of the GDPR
- Structure of the Regulation
- Impact on the EU
- Implementing the GDPR
- A note on the UK and Brexit
- Key definitions
- Part 1: Core considerations for the GDPR
- Chapter 1: Scope, controllers and processors
- Scope of the GDPR
- Controller and processor
- Data controllers
- Joint controllers
- Data processors
- Controllers that are processors
- Controllers and processors outside the EU
- Records of processing
- Demonstrating compliance
- Assuring information security
- Governance of information security
- Information security beyond the organisation's borders
- Chapter 6: Lawfulness and consent
- Consent in a nutshell
- Withdrawing consent
- Alternatives to consent
- Practicalities of consent
- Children
- Special categories of personal data
- Data relating to criminal convictions and offences
- Chapter 7: Subject access requests
- Receiving a request
- The information to provide
- Data portability
- Responsibilities of the data controller
- Processes and procedures