These materials are © 2017 John Wiley & Sons, Ltd. Any dissemination, distribution, or unauthorized use is strictly prohibited.

GDPR For Dummies, MetaCompliance Special Edition

by Chad Russell, Data Privacy Expert
Shane Fuller, CIPP/E, CIPM

GDPR For Dummies®, MetaCompliance Special Edition

Published by: John Wiley & Sons, Ltd., The Atrium, Southern Gate, Chichester, West Sussex, www.wiley.com

© 2017 by John Wiley & Sons, Ltd., Chichester, West Sussex

Registered Office: John Wiley & Sons, Ltd., The Atrium, Southern Gate, Chichester, West Sussex, PO19 8SQ, United Kingdom

All rights reserved. No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted by the UK Copyright, Designs and Patents Act 1988, without the prior written permission of the Publisher. For information about how to apply for permission to reuse the copyright material in this book, please see our website http://www.wiley.com/go/permissions.

Trademarks: Wiley, For Dummies, the Dummies Man logo, The Dummies Way, Dummies.com, Making Everything Easier, and related trade dress are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates in the United States and other countries, and may not be used without written permission. All other trademarks are the property of their respective owners. John Wiley & Sons, Ltd., is not associated with any product or vendor mentioned in this book.

LIMIT OF LIABILITY/DISCLAIMER OF WARRANTY: WHILE THE PUBLISHER AND AUTHOR HAVE USED THEIR BEST EFFORTS IN PREPARING THIS BOOK, THEY MAKE NO REPRESENTATIONS OR WARRANTIES WITH RESPECT TO THE ACCURACY OR COMPLETENESS OF THE CONTENTS OF THIS BOOK AND SPECIFICALLY DISCLAIM ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. IT IS SOLD ON THE UNDERSTANDING THAT THE PUBLISHER IS NOT ENGAGED IN RENDERING PROFESSIONAL SERVICES AND NEITHER THE PUBLISHER NOR THE AUTHOR SHALL BE LIABLE FOR DAMAGES ARISING HEREFROM. IF PROFESSIONAL ADVICE OR OTHER EXPERT ASSISTANCE IS REQUIRED, THE SERVICES OF A COMPETENT PROFESSIONAL SHOULD BE SOUGHT.

For general information on our other products and services, or how to create a custom For Dummies book for your business or organisation, please contact info@dummies.biz.

ISBN 978-1-119-41925-9 (pbk); ISBN 978-1-119-41926-6 (ebk)

Printed by Bell & Bain Ltd, Glasgow

10 9 8 7 6 5 4 3 2 1

Publisher's Acknowledgments

Some of the people who helped bring this book to market include the following:

Project Editor: Claire Ruston
Acquisitions Editor: Katie Mohr
Editorial Manager: Rev Mengle
Business Development Representative: Frazer Hossack
MetaCompliance review team: Robert O'Brien and Ellen Mackay
Production Editor: Selvakumaran Rajendiran

Contents at a Glance

Introduction ... 1
Chapter 1: Introducing the GDPR and the Data Privacy Challenge ... 3
Chapter 2: Summarising GDPR Best Practices ... 11
Chapter 3: Putting in Place a Privacy Management Programme ... 19
Chapter 4: The Preparation Phase – Establishing Organisational Readiness ... 29
Chapter 5: The Operational Phase – Embedding Compliant Operational Behaviours ... 37
Chapter 6: The Maintenance Phase – Demonstrating Accountability through Oversight ... 49
Chapter 7: Ten Things to do now to Prepare for GDPR ... 57

Introduction

As a line of business leader within your organisation, you're focused on your core area of responsibility. That could be marketing, human resources, operations or a number of other functions within the company. You may have heard rumblings around the office about a new data privacy regulation coming from the EU called GDPR. If you're wondering what GDPR is and how it might impact your area of responsibility, GDPR For Dummies is for you.

About This Book

In the pages of this book, we explain what GDPR is and its potential impact across the various departments and divisions of your business.

GDPR is the General Data Protection Regulation. It's a new EU mandate designed to ensure data privacy and enhance control of personal data for EU citizens. If your organisation interacts with EU citizens or businesses in any way, then you're subject to the obligations defined in this mandate.

Icons Used in This Book

What are icons? They're those little pictures you find in the margins of this book. They're there to make a special point. Here are the icons you'll come across:

This icon identifies useful bits of information that will help you understand the impact of GDPR, along with handy tips on how to manage it.

Even if you don't read every word in this book, you'll want to take in the key points about GDPR that are marked with these icons.

There are lots of technical details around data privacy and GDPR. This icon indicates particularly technical information that might interest you.

This icon points out situations that just could get you and your organisation into trouble, so heed the advice.

Where to Go from Here

It's important that you gain an understanding of how your organisation as a whole will need to address GDPR, so you can understand your place and part in addressing what needs to be done. Reading this book cover to cover will help you do just that. However, if your time is tight and you're not able to read every word at this very minute, feel free to skip around to whichever section of the book addresses your particular needs. Pick what you want, and you'll find that you have the basic facts you need to evaluate the areas that might be relevant to your area of responsibility.

Chapter 1
Introducing the GDPR and the Data Privacy Challenge

In This Chapter
▶ An overview of GDPR
▶ Understanding the relevance of GDPR for your organisation

The General Data Protection Regulation (GDPR) is an iteration of the existing data protection law defined and enforced by the EU. The purpose of GDPR is to safeguard EU citizens along with their corresponding private information. GDPR is a substantial overhaul of the data protection laws that have evolved over the past three decades, bringing them in line with the new digital world of Google, Facebook, Twitter and the like. GDPR grants EU Data Subjects (EU citizens whose data is being processed) certain rights and protections relative to their personal information.

As you'll see in this book, personal information can include a myriad of data types, including but not limited to:

✓ First and last name
✓ Bank account information
✓ Address
✓ Medical records
✓ Passport information
✓ Personal email addresses
✓ Credit card information
✓ Photos and videos
✓ Usernames and passwords

An Overview of the GDPR

The GDPR replaces the EU's Data Protection Directive and unifies the patchwork of 28 differing privacy laws that currently exist across the EU into a single, consolidated and enforceable Regulation.

Looking at the history of GDPR

As shown in Figure 1-1, GDPR is an evolution of European data privacy laws that began in 1970 with the first Data Protection Law, which was legislated in Hessen, Germany during the mainframe era.

Figure 1-1: GDPR timeline.

In 1983, the Right of Information Self-Determination was proclaimed by Germany's highest court, and in 1995, the EU Directive on Data Protection was formally established, placing restrictions on the processing of personal data and the movement of this data.

The 'Safe Harbour' framework

Implementation of the EU Directive proved cumbersome given the technology boom of the early 2000s and the increased electronic communications and commerce taking place between US- and European-based corporations and citizens. In order to ensure adequate protections while reducing compliance-related friction, the US Department of Commerce and the European Commission developed the 'Safe Harbour' Framework. In short, the 'Safe Harbour' framework ensured minimal business interruptions between US and EU organisations.

Numerous breaches in the latter 2000s

While the initial idea with 'Safe Harbour' was to streamline business interactions between EU and US organisations, it arguably relaxed definitions and enforcement relative to EU citizens' data privacy. Numerous US companies that processed EU citizens' data were breached in the