EU General Data Protection Regulation (GDPR) - an Implementation and Compliance Guide, Fourth Edition

Now in its fourth edition, this bestselling guide is the ideal companion for anyone carrying out a GDPR (General Data Protection Regulation) compliance project. It provides comprehensive guidance and practical advice on complying with the Regulation.

Bibliographic Details
Main author: IT Governance Privacy Team, I. T. Governance
Format: Electronic eBook
Language: English
Published: Ely : IT Governance Ltd, 2020.
Online access: Full text (requires prior registration with an institutional email address)
Table of Contents:
  • Cover
  • Title
  • Copyright
  • About the Author
  • Contents
  • Introduction
  • The purpose of the GDPR
  • Structure of the Regulation
  • Impact on the EU
  • Implementing the GDPR
  • A note on the UK and Brexit
  • Key definitions
  • Part 1: Core considerations for the GDPR
  • Chapter 1: Scope, controllers and processors
  • Scope of the GDPR
  • Controller and processor
  • Data controllers
  • Joint controllers
  • Data processors
  • Controllers that are processors
  • Controllers and processors outside the EU
  • Records of processing
  • Demonstrating compliance
  • Chapter 2: Data processing principles
  • Principle 1: Lawfulness, fairness and transparency
  • Principle 2: Purpose limitation
  • Principle 3: Data minimisation
  • Principle 4: Accuracy
  • Principle 5: Storage limitation
  • Principle 6: Integrity and confidentiality
  • Accountability and compliance
  • Chapter 3: Data subjects' rights
  • Fair processing
  • The right to access
  • The right to rectification
  • The right to be forgotten
  • The right to restriction of processing
  • The right to data portability
  • The right to object
  • Rights in relation to automated decision-making
  • Part 2: Building compliance
  • Chapter 4: Privacy compliance frameworks
  • Material scope
  • Territorial scope
  • Governance
  • Objectives
  • Key processes
  • Personal information management systems
  • ISO/IEC 27001:2013
  • Selecting and implementing a compliance framework
  • Implementing the framework
  • Chapter 5: Information security as part of data protection
  • Personal data breaches
  • Anatomy of a data breach
  • Sites of attack
  • Securing your information
  • ISO 27001
  • NIST standards
  • Ten Steps to Cyber Security
  • Cyber Essentials
  • The information security policy
  • Assuring information security
  • Governance of information security
  • Information security beyond the organisation's borders
  • Chapter 6: Lawfulness and consent
  • Consent in a nutshell
  • Withdrawing consent
  • Alternatives to consent
  • Practicalities of consent
  • Children
  • Special categories of personal data
  • Data relating to criminal convictions and offences
  • Chapter 7: Subject access requests
  • Receiving a request
  • The information to provide
  • Data portability
  • Responsibilities of the data controller
  • Processes and procedures
  • Options for confirming the requester's identity
  • Records to examine
  • Time and money
  • Dealing with bulk subject access requests
  • Right to refusal
  • The process flow
  • Chapter 8: Role of the data protection officer
  • Voluntary designation of a data protection officer
  • Undertakings that share a DPO
  • DPO on a service contract
  • Publication of DPO contact details
  • Position of the DPO
  • Necessary resources
  • Acting in an independent manner
  • Protected role of the DPO
  • Conflicts of interest
  • Specification of the DPO
  • Duties of the DPO
  • The DPO and the organisation