A concise introduction to the EU GDPR
The EU General Data Protection Regulation (GDPR) will unify data protection and simplify the use of personal data across the EU from 25 May 2018, when it will automatically supersede member states’ domestic data protection laws.
It will also apply to every organisation in the world that processes personal information of EU residents.
The Regulation introduces a number of key changes for all organisations that process EU residents’ personal data.
EU GDPR: A Pocket Guide provides an essentiall introduction to this new data protection law, explaining the Regulation and setting out the compliance obligations for EU organisations.
EU GDPR – A Pocket Guide sets out:
- A brief history of data protection and national data protection laws in the EU (such as the German BDSG, French LIL and UK DPA).
- The terms and definitions used in the GDPR, including explanations.
- The key requirements of the GDPR, including:
- Which fines apply to which Articles;
- The six principles that should be applied to any collection and processing of personal data;
- The Regulation’s applicability;
- Data subjects’ rights;
- Data protection impact assessments (DPIAs);
- The role of the data protection officer (DPO) and whether you need one;
- Data breaches, and the notification of supervisory authorities and data subjects;
- Obligations for international data transfers.
- How to comply with the Regulation, including:
- Understanding your data, and where and how it is used (e.g. Cloud suppliers, physical records);
- The documentation you need to maintain (such as statements of the information you collect and process, records of data subject consent, processes for protecting personal data);
- The “appropriate technical and organisational measures” you need to take to ensure your compliance with the Regulation.
- A full index of the Regulation, enabling you to find relevant Articles quickly and easily.
About the author
Alan Calder, the founder and executive chairman of IT Governance Ltd, is an internationally acknowledged cyber security expert, and a leading author on information security and IT governance issues. He co-wrote the definitive compliance guide IT Governance: An International Guide to Data Security and ISO27001/ISO27002, which is the basis for the Open University’s postgraduate course on information security, and has been involved in the development of a wide range of information security management training courses that have been accredited by the International Board for IT Governance Qualifications (IBITGQ). Alan has consulted on data security for numerous clients in the UK and abroad, and is a regular media commentator and speaker.
Quickly understand your organisation’s new obligations under the EU GDPR, and learn the essential compliance steps needed to avoid costly fines.