Description |
1 online resource (386 p.) |
Contents |
Cover -- Title -- Copyright -- About the Author -- Contents -- Introduction -- The purpose of the GDPR -- Structure of the Regulation -- Impact on the EU -- Implementing the GDPR -- A note on the UK and Brexit -- Key definitions -- Part 1: Core considerations for the GDPR -- Chapter 1: Scope, controllers and processors -- Scope of the GDPR -- Controller and processor -- Data controllers -- Joint controllers -- Data processors -- Controllers that are processors -- Controllers and processors outside the EU -- Records of processing -- Demonstrating compliance |
|
Chapter 2: Data processing principles -- Principle 1: Lawfulness, fairness and transparency -- Principle 2: Purpose limitation -- Principle 3: Data minimisation -- Principle 4: Accuracy -- Principle 5: Storage limitation -- Principle 6: Integrity and confidentiality -- Accountability and compliance -- Chapter 3: Data subjects' rights -- Fair processing -- The right to access -- The right to rectification -- The right to be forgotten -- The right to restriction of processing -- The right to data portability -- The right to object -- Rights in relation to automated decision-making |
|
Part 2: Building compliance -- Chapter 4: Privacy compliance frameworks -- Material scope -- Territorial scope -- Governance -- Objectives -- Key processes -- Personal information management systems -- ISO/IEC 27001: 2013 -- Selecting and implementing a compliance framework -- Implementing the framework -- Chapter 5: Information security as part of data protection -- Personal data breaches -- Anatomy of a data breach -- Sites of attack -- Securing your information -- ISO 27001 -- NIST standards -- Ten Steps to Cyber Security -- Cyber Essentials -- The information security policy |
|
Assuring information security -- Governance of information security -- Information security beyond the organisation's borders -- Chapter 6: Lawfulness and consent -- Consent in a nutshell -- Withdrawing consent -- Alternatives to consent -- Practicalities of consent -- Children -- Special categories of personal data -- Data relating to criminal convictions and offences -- Chapter 7: Subject access requests -- Receiving a request -- The information to provide -- Data portability -- Responsibilities of the data controller -- Processes and procedures |
|
Options for confirming the requester's identity -- Records to examine -- Time and money -- Dealing with bulk subject access requests -- Right to refusal -- The process flow -- Chapter 8: Role of the data protection officer -- Voluntary designation of a data protection officer -- Undertakings that share a DPO -- DPO on a service contract -- Publication of DPO contact details -- Position of the DPO -- Necessary resources -- Acting in an independent manner -- Protected role of the DPO -- Conflicts of interest -- Specification of the DPO -- Duties of the DPO -- The DPO and the organisation |
Summary |
Now in its fourth edition, this bestselling guide is the ideal companion for anyone carrying out a GDPR (General Data Protection Regulation) compliance project. It provides comprehensive guidance and practical advice on complying with the Regulation. |
Notes |
Description based upon print version of record |
|
The DPO and the supervisory authority |
Subject |
Data protection -- Law and legislation -- European Union countries
|
|
LAW / Computer & Internet.
|
Form |
Electronic book
|
ISBN |
9781787782501 |
|
1787782506 |
|