Intro to GDPR: A Plain English Guide to Compliance
By Punit Bhatia
About this ebook
Intro to GDPR is written by experienced data protection professional Punit Bhatia. Bhatia has served as the Privacy and Protection Officer in an EU-based bank and as a lecturer at the Solvay Brussels School of Economics and Management. He is a Certified Information Privacy Professional – Europe (CIPP-E), a Certified Information Privacy Manager (CIPM), and a Certified Outsourcing Professional (COP).
Bhatia will lead you through the complex journey to GDPR compliance in simple language and with many practical examples. Whether you are a complete beginner or an experienced data protection practitioner, this book is the right resource for you.
Intro to GDPR is a complete guide to compliance. Bhatia uses simple language, understandable to everyone, to lead you from the introduction all the way to getting your organization GDPR compliant. In this book you will learn:
1. Which organisations need to be compliant with the GDPR?
2. Key terms in the GDPR. You will become familiar with the key terms that form the basis of the GDPR. You will learn the definitions of terms such as “Personal data”, “Special categories of personal data” and “Processing”, the difference between the terms “Controller” and “Processor”, and others.
3. Myths about the GDPR, such as “the GDPR is only applicable in the EU”, “the GDPR is about fines” and others.
4. Transparency through the privacy notice. As written in the book, “transparency is one of the key principles in the EU GDPR”, so it is important to understand what transparency and a privacy notice are, but also what the key requirements and contents of a privacy notice are.
5. Data breaches. “GDPR requirements on data breaches are different for controllers and for processors” – this chapter will make you aware of the data breach requirements and the key actions that are required once a breach is detected.
6. What is the first thing to do to become compliant and what are the key factors to remain compliant with the GDPR, and much more.
Written in plain English, with many practical examples, Intro to GDPR is the only book you need on the subject of GDPR.
Book preview
Intro to GDPR
Punit Bhatia
Intro to GDPR
A Plain English Guide to Compliance
Advisera Expert Solutions Ltd
Zagreb, Croatia
Copyright ©2018 by Advisera Expert Solutions Ltd
All rights reserved. No part of this book may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without written permission from the author, except for the inclusion of brief quotations in a review.
Limit of Liability / Disclaimer of Warranty: While the publisher and author have used their best efforts in preparing this book, they make no representation or warranties with respect to the accuracy or completeness of the contents of this book and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose. This book does not contain all information available on the subject. This book has not been created to be specific to any individual’s or organisation’s situation or needs. You should consult with a professional where appropriate. The author and publisher shall have no liability or responsibility to any person or entity regarding any loss or damage incurred, or alleged to have been incurred, directly or indirectly, by the information contained in this book.
First published by Advisera Expert Solutions Ltd
Zavizanska 12, 10000 Zagreb
Croatia
European Union
http://advisera.com/
Editor: Dejan Kosutic.
ISBN: 978-953-8155-18-51
First Edition, 2018
ABOUT THE AUTHOR
Punit Bhatia is a senior professional with more than 18 years of experience in executing change and leading transformation initiatives. Across three continents, Punit has led projects and programs of varying complexity in business and technology. Across multiple industries, he has experience on both sides of the table; i.e., he has served as a consultant who worked for IT consulting companies, and as a key influencer and driver who has defined and delivered change for large enterprises. He has proven expertise in the areas of data privacy, sourcing and vendor management, and digital transformation.
In the last three years, Punit has advised and driven multiple initiatives to ensure compliance with the EU General Data Protection Regulation (GDPR). Part of this effort has involved attending multiple events, exchanging implementation approaches and dialogue with many experts. Based on these experiences, he is an active speaker or panellist at many different GDPR and sourcing events. Punit is also the author of another book: Be Ready for GDPR, which is available on Amazon in print and e-formats.
An engineer and MBA through qualifications, Punit is a Certified Information Privacy Professional – Europe (CIPP-E), a Certified Information Privacy Manager (CIPM), and a Certified Outsourcing Professional (COP). Punit delivers guest lectures at Solvay Brussels School of Economics and Management on topics of privacy and sourcing.
TABLE OF CONTENTS
ABOUT THE AUTHOR
ACKNOWLEDGEMENTS
1. INTRODUCTION
1.1 WHICH ORGANISATIONS NEED TO BE COMPLIANT WITH THE GDPR?
1.2 THE POSITIVE SIDE OF THE GDPR
1.3 HOW IS THIS BOOK STRUCTURED?
1.4 WHO IS THIS BOOK FOR?
1.5 ADDITIONAL RESOURCES
2. ORIGIN OF PRIVACY AND GDPR BASICS
2.1 INTRODUCTION
2.2 HISTORY OF PRIVACY
2.3 WHAT IS THE GDPR?
2.4 OBJECTIVES OF THE GDPR
2.5 WHO DOES THE GDPR APPLY TO?
2.6 RELATED FRAMEWORKS (ISO 27001 AND OTHER)
2.7 E-PRIVACY REGULATION
2.8 KEY TERMS IN THE GDPR
2.9 MYTHS ABOUT THE GDPR
2.10 BUSINESS ACTIVITIES THAT ARE MOST IMPACTED BY THE GDPR
2.11 SUCCESS FACTORS
3. LEGITIMATE PURPOSES, PRINCIPLES AND ROLES
3.1 INTRODUCTION
3.2 LEGITIMATE PURPOSES OF PROCESSING PERSONAL DATA
3.3 PRINCIPLES
3.4 SUCCESS FACTORS
4. TRANSPARENCY THROUGH THE PRIVACY NOTICE
4.1 INTRODUCTION
4.2 WHAT IS MEANT BY TRANSPARENCY?
4.3 WHAT IS A PRIVACY NOTICE OR STATEMENT?
4.4 WHO IS THE PRIVACY NOTICE MEANT FOR?
4.5 WHAT ARE THE KEY REQUIREMENTS FOR A PRIVACY NOTICE?
4.6 WHAT ARE THE CONTENTS OF A PRIVACY NOTICE?
4.7 WHO ARE THE KEY CONTRIBUTORS TO A PRIVACY NOTICE?
4.8 HOW OFTEN SHOULD THIS BE UPDATED?
4.9 SUCCESS FACTORS
5. INVENTORY OF PROCESSING ACTIVITIES AND RETENTION
5.1 INTRODUCTION
5.2 INVENTORY OF PROCESSING ACTIVITIES – WHAT, AND WHY?
5.3 RETENTION OF PERSONAL DATA – WHAT, AND WHY?
5.4 FULFILLING INVENTORY AND RETENTION REQUIREMENTS – WHO, AND HOW?
5.5 SUCCESS FACTORS
6. DATA SUBJECT ACCESS RIGHTS AND CONSENT
6.1 INTRODUCTION
6.2 CONSENT – WHAT IS IT?
6.3 WHAT ARE THE KEY REQUIREMENTS RELATED TO CONSENT?
6.4 WHO IS RESPONSIBLE FOR SEEKING CONSENT?
6.5 WHO ARE THE DATA SUBJECTS WHO NEED TO PROVIDE CONSENT?
6.6 WHAT ARE THE SCENARIOS IN WHICH CONSENT MAY BE REQUIRED?
6.7 DATA SUBJECT ACCESS RIGHTS
6.8 WHO CAN MAKE A REQUEST IN LINE WITH DATA SUBJECT ACCESS RIGHTS?
6.9 HOW CAN A DATA SUBJECT MAKE A REQUEST IN LINE WITH DATA SUBJECT ACCESS RIGHTS?
6.10 HOW LONG CAN A COMPANY TAKE TO ANSWER A DSAR?
6.11 CAN THE DATA SUBJECT BE CHARGED FOR A DSAR?
6.12 HOW SHOULD A DSAR BE HANDLED?
6.13 ARE THERE ANY EXEMPTIONS WHEN ANSWERING A DSAR?
6.14 CAN A DSAR BE REJECTED?
6.15 SUCCESS FACTORS
7. DATA PROTECTION IMPACT ASSESSMENT
7.1 INTRODUCTION
7.2 WHAT IS A DATA PROTECTION IMPACT ASSESSMENT?
7.3 WHAT IS THE PURPOSE OF A DPIA?
7.4 WHEN SHOULD A DPIA BE CONDUCTED?
7.5 WHAT ARE THE STEPS OF A DPIA, AND WHO SHOULD CONDUCT IT?
7.6 SUCCESS FACTORS
8. DATA SECURITY AND PRIVACY BY DESIGN
8.1 INTRODUCTION
8.2 WHAT IS PRIVACY BY DESIGN?
8.3 WHAT ARE THE CONSEQUENCES OF PRIVACY BY DESIGN?
8.4 WHAT ARE THE POLICIES THAT SHOULD BE IMPLEMENTED TO ENSURE SECURITY OF PERSONAL DATA?
8.5 BEST PRACTICES TO IMPLEMENT PRIVACY BY DESIGN POLICIES
8.6 SUCCESS FACTORS
9. PERSONAL DATA TRANSFERS AND MANAGING THIRD PARTIES
9.1 INTRODUCTION
9.2 WHAT IS MEANT BY DATA TRANSFERS?
9.3 WHAT ARE THE REQUIREMENTS WHEN TRANSFERRING DATA, BOTH IN THE EU AND OUTSIDE OF THE EU?
9.3.1. HOW CAN DATA TRANSFERS BE ENABLED?
9.3.2. HOW TO MANAGE THIRD PARTIES
9.3.3. MANAGING EXISTING THIRD PARTIES
9.4 HANDLING NEW CONTRACTS WITH THIRD PARTIES
9.5 SUCCESS FACTORS
10. DATA BREACHES
10.1 INTRODUCTION
10.2 WHAT IS A DATA BREACH, AND WHAT ARE THE FINES RELATED TO A DATA BREACH?
10.3 WHAT ARE THE CONTENTS OF A DATA BREACH NOTIFICATION?
10.4 HOW SHOULD A PERSONAL DATA BREACH BE REPORTED?
10.5 WHAT SHOULD BE DONE ONCE A DATA BREACH IS IDENTIFIED?
10.6 INFORMING SUPERVISORY AUTHORITIES AND DATA SUBJECTS
10.7 WHAT SHOULD BE DONE AFTER A DATA BREACH?
10.8 SUCCESS FACTORS
11. DATA PROTECTION OFFICER
11.1 INTRODUCTION
11.2 WHAT IS THE DPO ROLE, AND WHY IS IT NEEDED?
11.3 WHAT ARE THE RESPONSIBILITIES OF A DPO?
11.4 CAN YOU HIRE AN EXTERNAL DPO?
11.5 IMPORTANT TO NOTE IF YOU CHOSE TO APPOINT A DPO
11.6 SUCCESS FACTORS
12. GETTING YOUR ORGANISATION TO GDPR COMPLIANCE
12.1 INTRODUCTION
12.2 WHAT IS THE FIRST THING TO DO?
12.3 WHO ARE THE KEY STAKEHOLDERS?
12.4 ESTABLISH THE PROJECT
12.5 CHOOSING AN EXTERNAL CONSULTANT
12.6 GDPR READINESS ASSESSMENT
12.7 IDENTIFY RISKS AND MAKE A PLAN
12.8 DEFINE A DATA PROTECTION POLICY
12.9 COMMUNICATION
12.10 AWARENESS AND TRAINING
12.11 KEY SUCCESS FACTORS TO REMAIN COMPLIANT WITH THE GDPR
12.12 REVIEW AWARENESS ON PRIVACY AND PROTECTION MATTERS
12.13 INTERNAL OR EXTERNAL AUDIT
12.14 REGULAR REVIEWS AND CONTINUAL IMPROVEMENT
12.15 KEEP LOOKING FORWARD
12.16 SUCCESS FACTORS
APPENDIX A – PROJECT CHECKLIST FOR EU GDPR IMPLEMENTATION
APPENDIX B – DIAGRAM OF THE EU GDPR IMPLEMENTATION PROCESS
APPENDIX C – KEY DELIVERABLES FOR COMPLIANCE WITH GDPR
BIBLIOGRAPHY
ACKNOWLEDGEMENTS
Thank you to Namita Bhatia (my wife), for being patient with my ideas.
To Yash Bhatia (my son), for bringing new ideas and energy into my life.
And to Dejan Kosutic, for reviewing this book and improving it.
And, special thanks go to all my family, colleagues and friends who stand by me, work with me, and challenge me to learn every day. I also take this opportunity to thank Advisera for publishing this book.
1. INTRODUCTION
The European Union General Data Protection Regulation (GDPR) is a key regulation in the field of privacy. So, in this section, we’ll cover the following:
Which companies need to be compliant with GDPR?
How is this book structured?
Who is this book for?
Note: Beyond the above questions, this book elaborates on the key requirements of GDPR and provides a simple introduction to setting and monitoring your GDPR compliance project.
1.1 Which organisations need to be compliant with the GDPR?
The General Data Protection Regulation is a significant piece of legislation, applicable to the processing of personal data of individuals in the European Union. The key