: Punit Bhatia
: Intro to GDPR A Plain English Guide to Compliance
: Advisera Expert Solutions Ltd
: 9789538155185
: 1
: CHF 17.60
: Other
: English
: 137
: DRM
: PC/MAC/eReader/Tablet
: ePUB

Intro to GDPR is written by experienced data protection professional Punit Bhatia. Bhatia has served as the Privacy and Protection Officer in an EU-based bank and as a lecturer at the Solvay Brussels School of Economics and Management. He is a Certified Information Privacy Professional - Europe (CIPP-E), a Certified Information Privacy Manager (CIPM), and a Certified Outsourcing Professional (COP).


Bhatia will lead you through the complex journey to GDPR compliance with simple language and many practical examples. Whether you are a complete beginner or an experienced data protection practitioner, this book is the right resource for you.


Intro to GDPR is a complete guide to compliance. Bhatia uses simple language, understandable to everyone, to lead you from the introduction all the way to getting your organization GDPR compliant. In this book you will learn:


1. Which organisations need to be compliant with the GDPR?
2. Key terms in the GDPR. You will get familiar with the key terms that form the basis of the GDPR: the definitions of 'Personal data', 'Special categories of personal data' and 'Processing', the difference between the terms 'Controller' and 'Processor', and others.
3. Myths about the GDPR, like 'the GDPR is only applicable in the EU', 'The GDPR is about fines' and others.
4. Transparency through the privacy notice. As written in the book, 'transparency is one of the key principles in the EU GDPR', so it is important to understand what transparency and a privacy notice are, but also what the key requirements and contents of a privacy notice are.
5. Data breaches. 'GDPR requirements on data breaches are different for controllers and for processors' - this chapter will make you aware of the data breach requirements and the key actions that are required once a breach is detected.
6. What is the first thing to do to become compliant, what are the key factors to remain compliant with the GDPR, and much more.


Written in plain English, with many practical examples, Intro to GDPR is the only book you need on the subject of GDPR.

1. INTRODUCTION


The European Union General Data Protection Regulation (GDPR) is a key regulation in the field of privacy. So, in this section, we’ll cover the following:

  • Which companies need to be compliant with GDPR?
  • How is this book structured?
  • Who is this book for?

Note: Beyond the above questions, this book elaborates on the key requirements of GDPR and provides a simple introduction to setting up and monitoring your GDPR compliance project.

1.1 Which organisations need to be compliant with the GDPR?


The General Data Protection Regulation is a significant piece of legislation, applicable to the processing of personal data of individuals in the European Union. The key to understanding when the EU GDPR is applicable is to understand the meaning of “in the Union”. The EU GDPR will only apply to personal data about individuals within the Union, and the nationality or habitual residence of those individuals is irrelevant.

This implies that, for example, where a U.S. company processes personal information of EU citizens in the U.S. for a service provided in the U.S., the EU GDPR would not be applicable to that company. However, if the same company processes personal information of EU citizens, or of any other persons presently in the EU, for a service provided in the EU, the EU GDPR would be applicable to the company. So, irrespective of whether your organisation is based in Asia, Australia, America or any other continent, the GDPR may apply if your company provides services to, and / or processes the personal data of, individuals in the EU.

Some of the most commonly impacted industries and organisations include:

  1. Industries that provide services to individual customers: Industries wherein the core business is to provide services to individual customers generally include the processing of personal data on a large scale. These industries would include financial services, insurance, retail, etc. All of these companies would need to take significant steps to comply with the EU GDPR.
  2. Industries that provide marketing, business, process and system support services: A significant number of organisations provide business, process or system management services. All of these companies will become processors of personal data on behalf of their controllers (by whom they are contracted). While their controllers need to be GDPR-compliant, the GDPR also demands that processors be compliant, and they carry the same liability if they do not fulfil this obligation. These organisations will include cloud-based services, platform-based services, legal services, analytics, event management, marketing companies, etc.
  3. Automobile industry: Most automobile manufacturers love to collect and process personal data about who buys their products. But, with the GDPR being applicable, these companies would need to be more transparent with regard to what data they have, what they do with it, and why.
  4. Professional organisations: Most clubs or member organisations like football clubs, fitness clubs, golf clubs, tennis clubs, etc. collect the personal data of their members. At present, these organisations may not be transparent about what they collect and why; but, with GDPR coming into effect, the transparency requirements shall apply to these companies if their members are in the EU.
  5. Non-profit organisations and charities: Charities and non-profit organisations usually collect personal data. In some cases, they also keep information about the bank details of their members. At present, these organisations may not be obliged to disclose what personal data they collect and why, but with the GDPR coming into effect, the transparency requirements shall also apply to these companies if their members are in the EU.

In short, GDPR shall apply to your organization if your process person