A clear, concise primer on the EU GDPR
The EU General Data Protection Regulation will unify data protection and ease the flow of personal data across the EU when it comes into force in May 2018, superseding national data protection laws like the UK’s Data Protection Act 1998 (DPA), and will apply to every organization in the world that does business with EU residents.
The Regulation introduces a number of key changes for organizations – and the change from DPA compliance to GDPR compliance is a complex one. EU GDPR – A Pocket Guide provides an accessible overview of the changes you need to make in your organization to comply with the new law.
EU GDPR – A Pocket Guide sets out:
A brief history of data protection and national data protection laws in the EU (such as the UK DPA, German BDSG, and French LIL).
The terms and definitions used in the GDPR, including explanations.
The key requirements of the GDPR, including:
Which fines apply to which Articles;
The six principles that should be applied to any collection and processing of personal data;
The Regulation’s applicability;
Data subjects’ rights;
Data protection impact assessments (DPIAs);
The role of the data protection officer (DPO) and whether you need one;
Data breaches, and the notification of supervisory authorities and data subjects;
Obligations for international data transfers.
How to comply with the Regulation, including:
Understanding your data, and where and how it is used (e.g. Cloud suppliers, physical records);
The documentation you need to maintain (such as statements of the information you collect and process, records of data subject consent, processes for protecting personal data);
The “appropriate technical and organisational measures” you need to take to ensure your compliance with the Regulation.
A full index of the Regulation, enabling you to find relevant Articles quickly and easily.
About the author
Alan Calder, the founder and executive chairman of IT Governance Ltd, is an internationally acknowledged cybersecurity expert, and a leading author on information security and IT governance issues. He co-wrote the definitive compliance guide IT Governance: An International Guide to Data Security and ISO27001/ISO27002, which is the basis for the Open University’s postgraduate course on information security, and has been involved in the development of a wide range of information security management training courses that have been accredited by the International Board for IT Governance Qualifications (IBITGQ). Alan has consulted on data security for numerous clients in the UK and abroad, and is a regular media commentator and speaker.