An in-depth guide to the changes your organisation needs to make to comply with the EU GDPR.
The EU General Data Protection Regulation (GDPR) will supersede the 1995 EU Data Protection Directive (DPD) and all EU member states’ national laws based on it – including the UK Data Protection Act 1998 – in May 2018.
All organisations – wherever they are in the world – that process the personally identifiable information (PII) of EU residents must comply with the Regulation. Failure to do so could result in fines of up to €20 million or 4% of annual global turnover.
This book provides a detailed commentary on the GDPR, explains the changes you need to make to your data protection and information security regimes, and tells you exactly what you need to do to avoid severe financial penalties.
EU GDPR – An Implementation and Compliance Guide is a clear and comprehensive guide to this new data protection law, explaining the Regulation, and setting out the obligations of data processors and controllers in terms you can understand.
Topics covered include:
- The role of the data protection officer (DPO) – including whether you need one and what they should do.
- Risk management and data protection impact assessments (DPIAs), including how, when and why to conduct a DPIA.
- Data subjects’ rights, including consent and the withdrawal of consent; subject access requests and how to handle them; and data controllers’ and processors’ obligations.
- International data transfers to “third countries” – including guidance on adequacy decisions and appropriate safeguards; the EU-US Privacy Shield; international organisations; limited transfers; and Cloud providers.
- How to adjust your data protection processes to transition to GDPR compliance, and the best way of demonstrating that compliance.
- A full index of the Regulation to help you find the articles and stipulations relevant to your organisation.
The GDPR will have a significant impact on organisational data protection regimes around the world. EU GDPR – An implementation and Compliance Guide shows you exactly what you need to do to comply with the new law.
A note on post-Brexit data protection programmes
Karen Bradley MP, the Secretary of State for Culture, Media and Sport, confirmed on 24 October 2016 that the GDPR will apply in the UK.
“We will be members of the EU in 2018 and therefore it would be expected and quite normal for us to opt into the GDPR and then look later at how best we might be able to help British business with data protection while maintaining high levels of protection for members of the public”, she said.
The Information Commissioner, Elizabeth Denham, commented: “I see this as good news for the UK. One of the key drivers for data protection change is the importance and continuing evolution of the digital economy in the UK and around the world. That is why both the ICO and UK government have pushed for reform of the EU law for several years.”
About the authors
IT Governance is a leading global provider of IT governance, risk management and compliance expertise, and we pride ourselves on our ability to deliver a broad range of integrated, high-quality solutions that meet the real-world needs of our international client base.
Our privacy team – led by Alan Calder, Richard Campo and Adrian Ross – has substantial experience in privacy, data protection, compliance and information security. This experience, and our understanding of the background and drivers for the GDPR, are combined in this manual to provide the world’s first guide to implementing the new data protection regulation.