Understand your GDPR obligations and prioritise the steps you need to
take to comply
The GDPR gives individuals significant rights over how their personal
information is collected and processed, and places a range of
obligations on organisations to be more accountable for data protection.
The Regulation applies to all data controllers and processors that
handle EU residents' personal information. It supersedes the 1995 EU
Data Protection Directive and all EU member states' national laws that
are based on it - including the UK's DPA (Data Protection Act) 1998.
Failure to comply with the Regulation could result in fines of up to 20
million or 4% of annual global turnover - whichever is greater. This
guide is a perfect companion for anyone managing a GDPR compliance
project. It provides a detailed commentary on the Regulation, explains
the changes you need to make to your data protection and information
security regimes, and tells you exactly what you need to do to avoid
severe financial penalties.
Clear and comprehensive guidance to simplify your GDPR compliance
project
Now in its fourth edition, EU General Data Protection Regulation
(GDPR) - An implementation and compliance guide provides clear and
comprehensive guidance on the GDPR. It explains the Regulation and sets
out the obligations of data processors and controllers in terms you can
understand.
Topics covered include:
- The DPO (data protection officer) role, including whether you need one
and what they should do;
- Risk management and DPIAs (data protection impact assessments),
including how, when and why to conduct one;
- Data subjects' rights, including consent and the withdrawal of
consent, DSARs (data subject access requests) and how to handle them,
and data controllers and processors' obligations;
- Managing personal data internationally, including updated guidance
following the Schrems II ruling;
- How to adjust your data protection processes to comply with the GDPR,
and the best way of demonstrating that compliance; and
- A full index of the Regulation to help you find the articles and
stipulations relevant to your organisation.
Supplemental material
While most of the EU GDPR's requirements are broadly unchanged in the UK
GDPR, the context is quite different and will have knock-on effects. You
may need to update contracts regarding EU-UK data transfers, incorporate
standard contractual clauses into existing agreements, and update your
policies, processes and procedural documentation as a result of these
changes.
We have published a supplement that sets out specific extra or amended
information for this pocket guide. Click here to download the
supplement.
About the authors
The IT Governance Privacy Team, led by Alan Calder, has substantial
experience in privacy, data protection, compliance and information
security. This practical experience, their understanding of the
background and drivers for the GDPR, and the input of expert consultants
and trainers are combined in this must-have guide to GDPR compliance.
Start your compliance journey now and buy this book today.