EU General Data Protection Regulation (GDPR) - an Implementation and Compliance Guide, Fourth Edition
Now in its fourth edition, this bestselling guide is the ideal companion for anyone carrying out a GDPR (General Data Protection Regulation) compliance project. It provides comprehensive guidance and practical advice on complying with the Regulation.
Saved in:
1. Author: | IT Governance Privacy Team, I. T. Governance |
---|---|
Format: | Electronic e-book |
Language: | English |
Published: | Ely : IT Governance Ltd, 2020 |
Summary: | Now in its fourth edition, this bestselling guide is the ideal companion for anyone carrying out a GDPR (General Data Protection Regulation) compliance project. It provides comprehensive guidance and practical advice on complying with the Regulation. |
Description: | Description based on publisher supplied metadata and other sources |
Description: | 1 online resource (386 pages) |
ISBN: | 9781787782501 |
Internal format
MARC
Tag | Ind1 | Ind2 | Content |
---|---|---|---|
LEADER | | | 00000nmm a2200000zc 4500 |
001 | | | BV048220079 |
003 | | | DE-604 |
005 | | | 00000000000000.0 |
007 | | | cr\|uuu---uuuuu |
008 | | | 220516s2020 \|\|\|\| o\|\|u\| \|\|\|\|\|\|eng d |
020 | | | \|a 9781787782501 \|9 978-1-78778-250-1 |
035 | | | \|a (ZDB-30-PQE)EBC6371890 |
035 | | | \|a (ZDB-30-PAD)EBC6371890 |
035 | | | \|a (ZDB-89-EBL)EBL6371890 |
035 | | | \|a (OCoLC)1319628246 |
035 | | | \|a (DE-599)BVBBV048220079 |
040 | | | \|a DE-604 \|b ger \|e rda |
041 | 0 | | \|a eng |
100 | 1 | | \|a IT Governance Privacy Team, I. T. Governance \|e Verfasser \|4 aut |
245 | 1 | 0 | \|a EU General Data Protection Regulation (GDPR) - an Implementation and Compliance Guide, Fourth Edition |
264 | | 1 | \|a Ely \|b IT Governance Ltd \|c 2020 |
264 | | 4 | \|c ©2020 |
300 | | | \|a 1 Online-Ressource (386 Seiten) |
336 | | | \|b txt \|2 rdacontent |
337 | | | \|b c \|2 rdamedia |
338 | | | \|b cr \|2 rdacarrier |
500 | | | \|a Description based on publisher supplied metadata and other sources |
505 | 8 | | \|a Cover -- Title -- Copyright -- About the Author -- Contents -- Introduction -- The purpose of the GDPR -- Structure of the Regulation -- Impact on the EU -- Implementing the GDPR -- A note on the UK and Brexit -- Key definitions -- Part 1: Core considerations for the GDPR -- Chapter 1: Scope, controllers and processors -- Scope of the GDPR -- Controller and processor -- Data controllers -- Joint controllers -- Data processors -- Controllers that are processors -- Controllers and processors outside the EU -- Records of processing -- Demonstrating compliance -- Chapter 2: Data processing principles -- Principle 1: Lawfulness, fairness and transparency -- Principle 2: Purpose limitation -- Principle 3: Data minimisation -- Principle 4: Accuracy -- Principle 5: Storage limitation -- Principle 6: Integrity and confidentiality -- Accountability and compliance -- Chapter 3: Data subjects' rights -- Fair processing -- The right to access -- The right to rectification -- The right to be forgotten -- The right to restriction of processing -- The right to data portability -- The right to object -- Rights in relation to automated decision-making -- Part 2: Building compliance -- Chapter 4: Privacy compliance frameworks -- Material scope -- Territorial scope -- Governance -- Objectives -- Key processes -- Personal information management systems -- ISO/IEC 27001: 2013 -- Selecting and implementing a compliance framework -- Implementing the framework -- Chapter 5: Information security as part of data protection -- Personal data breaches -- Anatomy of a data breach -- Sites of attack -- Securing your information -- ISO 27001 -- NIST standards -- Ten Steps to Cyber Security -- Cyber Essentials -- The information security policy -- Assuring information security -- Governance of information security -- Information security beyond the organisation's borders |
505 | 8 | | \|a Chapter 6: Lawfulness and consent -- Consent in a nutshell -- Withdrawing consent -- Alternatives to consent -- Practicalities of consent -- Children -- Special categories of personal data -- Data relating to criminal convictions and offences -- Chapter 7: Subject access requests -- Receiving a request -- The information to provide -- Data portability -- Responsibilities of the data controller -- Processes and procedures -- Options for confirming the requester's identity -- Records to examine -- Time and money -- Dealing with bulk subject access requests -- Right to refusal -- The process flow -- Chapter 8: Role of the data protection officer -- Voluntary designation of a data protection officer -- Undertakings that share a DPO -- DPO on a service contract -- Publication of DPO contact details -- Position of the DPO -- Necessary resources -- Acting in an independent manner -- Protected role of the DPO -- Conflicts of interest -- Specification of the DPO -- Duties of the DPO -- The DPO and the organisation -- The DPO and the supervisory authority -- Data protection impact assessments and risk management -- In-house or contract -- Chapter 9: Data mapping -- Objectives and outcomes -- Four elements of data flow -- Data mapping, DPIAs and risk management -- Part 3: Data protection impact assessments and risk management -- Chapter 10: Requirements for data protection impact assessments -- DPIAs -- Consulting with stakeholders -- Who needs to be involved? -- Data protection by design and by default -- Chapter 11: Risk management and DPIAs -- DPIAs as part of risk management -- Risk management standards and methodologies -- Risk responses -- Risk relationships -- Risk management and personal data -- Chapter 12: Conducting DPIAs -- Five key stages of the DPIA -- Identify the need for the DPIA -- Objectives and outcomes -- Consultation |
505 | 8 | | \|a Describe the information flow -- Identify privacy and related risks -- Identify and evaluate privacy solutions -- Sign off and record the outcome -- Integrating the DPIA into the project plan -- Part 4: International transfers and incident management -- Chapter 13: Managing personal data internationally -- Key requirements -- Adequacy decisions -- Safeguards -- Binding corporate rules -- Standard contractual clauses -- Limited transfers -- Cloud services -- Chapter 14: Incident response management and reporting -- Notification -- Events vs incidents -- Types of incident -- Cyber security incident response plans -- Key roles in incident management -- Prepare -- Respond -- Follow up -- Part 5: Enforcement and transitioning to compliance -- Chapter 15: GDPR enforcement -- The hierarchy of authorities -- One-stop-shop mechanism -- Duties of supervisory authorities -- Powers of supervisory authorities -- Duties and powers of the European Data Protection Board -- Data subjects' rights to redress -- Administrative fines -- The Regulation's impact on other laws -- Chapter 16: Transitioning and demonstrating Compliance -- Transition frameworks -- Using policies to demonstrate compliance -- Codes of conduct and certification mechanisms -- Appendix 1: Index of the Regulation -- Appendix 2: EU/EEA national supervisory authorities -- Appendix 3: Implementation FAQ -- IT Governance resources -- Publishing services -- Certified GDPR training and staff awareness -- IT Governance training centre -- Professional services and consultancy -- Newsletter |
520 | | | \|a Now in its fourth edition, this bestselling guide is the ideal companion for anyone carrying out a GDPR (General Data Protection Regulation) compliance project. It provides comprehensive guidance and practical advice on complying with the Regulation |
776 | 0 | 8 | \|i Erscheint auch als \|n Druck-Ausgabe \|a IT Governance Privacy Team, I. T. Governance \|t EU General Data Protection Regulation (GDPR) - an Implementation and Compliance Guide, Fourth Edition \|d Ely : IT Governance Ltd,c2020 |
912 | | | \|a ZDB-30-PQE |
999 | | | \|a oai:aleph.bib-bvb.de:BVB01-033600825 |
Record in search index
_version_ | 1804184000450789376 |
---|---|
adam_txt | |
any_adam_object | |
any_adam_object_boolean | |
author | IT Governance Privacy Team, I. T. Governance |
author_facet | IT Governance Privacy Team, I. T. Governance |
author_role | aut |
author_sort | IT Governance Privacy Team, I. T. Governance |
author_variant | g p t i t g i gptitg gptitgi |
building | Verbundindex |
bvnumber | BV048220079 |
collection | ZDB-30-PQE |
ctrlnum | (ZDB-30-PQE)EBC6371890 (ZDB-30-PAD)EBC6371890 (ZDB-89-EBL)EBL6371890 (OCoLC)1319628246 (DE-599)BVBBV048220079 |
format | Electronic eBook |
id | DE-604.BV048220079 |
illustrated | Not Illustrated |
index_date | 2024-07-03T19:50:30Z |
indexdate | 2024-07-10T09:32:23Z |
institution | BVB |
isbn | 9781787782501 |
language | English |
oai_aleph_id | oai:aleph.bib-bvb.de:BVB01-033600825 |
oclc_num | 1319628246 |
open_access_boolean | |
physical | 1 Online-Ressource (386 Seiten) |
psigel | ZDB-30-PQE |
publishDate | 2020 |
publishDateSearch | 2020 |
publishDateSort | 2020 |
publisher | IT Governance Ltd |
record_format | marc |
title | EU General Data Protection Regulation (GDPR) - an Implementation and Compliance Guide, Fourth Edition |