EU GDPR – An international guide to compliance
A clear, concise primer on the GDPR The GDPR aims to unify data protection and ease the flow of personal data across the EU. It applies to every organisation in the world that handles EU residents' personal data. While the GDPR is not law in countries outside the EU, it is effectively part of the legislative environment for organisations that do business with the EU. This is enforced through a combination of international trade law and business pressure – after all, a partner in the EU is unlikely to want to risk engaging with a company in the US, Australia or Singapore (or anywhere else) that will put them at risk. EU GDPR – An international guide to compliance is the ideal resource for anyone wanting a clear primer on the principles of data protection and their obligations under the GDPR. A concise pocket guide, it will help you understand: - The terms and definitions used in the GDPR, including explanations; - The key requirements of the GDPR, including: - Which fines apply to which Articles; - The principles that should be applied to any collection and processing of personal data; - The Regulation's applicability; - Data subjects' rights; - Data protection impact assessments; - The data protection officer role and whether you need one; - Data breaches, and notifying supervisory authorities and data subjects; and - Obligations for international data transfers. - How to comply with the Regulation, including: - Understanding your data, and where and how it is used (e.g. Cloud suppliers, physical records); - The documentation you must maintain (such as statements of the information you collect and process, records of data subject consent, processes for protecting personal data); and - The "appropriate technical and organisational measures" you need to take to ensure compliance with the Regulation. - A full index of the Regulation, enabling you to find relevant Articles quickly and easily. Supplemental material While most of the EU GDPR's requirements are broadly unchanged in the UK GDPR, the context is quite different and will have knock-on effects. You may need to update contracts regarding EU–UK data transfers, incorporate standard contractual clauses into existing agreements, and update your policies, processes and procedural documentation as a result of these changes. We have published a supplement that sets out specific extra or amended information for this pocket guide. Click here to download the supplement. About the author Alan Calder is the Group CEO of GRC International Group plc, the AIM-listed company that owns IT Governance Ltd. He is an internationally acknowledged cyber security expert, and a leading author on information security and IT governance issues. He co-wrote the definitive compliance guide IT Governance: An International Guide to Data Security and ISO27001/ISO27002, which is the basis for the Open University's postgraduate course on information security, and has been involved in the development of a wide range of information security management training courses that have been accredited by IBITGQ (International Board for IT Governance Qualifications). Alan has consulted on data security for numerous clients in the UK and abroad, and is a regular media commentator and speaker.
A clear, concise primer on the GDPR The GDPR aims to unify data protection and ease the flow of personal data across the EU. It applies to every organisation in the world that handles EU residents' personal data. While the GDPR is not law in countries outside the EU, it is effectively part of the legislative environment for organisations that do business with the EU. This is enforced through a combination of international trade law and business pressure – after all, a partner in the EU is unlikely to want to risk engaging with a company in the US, Australia or Singapore (or anywhere else) that will put them at risk. EU GDPR – An international guide to compliance is the ideal resource for anyone wanting a clear primer on the principles of data protection and their obligations under the GDPR. A concise pocket guide, it will help you understand: - The terms and definitions used in the GDPR, including explanations; - The key requirements of the GDPR, including: - Which fines apply to which Articles; - The principles that should be applied to any collection and processing of personal data; - The Regulation's applicability; - Data subjects' rights; - Data protection impact assessments; - The data protection officer role and whether you need one; - Data breaches, and notifying supervisory authorities and data subjects; and - Obligations for international data transfers. - How to comply with the Regulation, including: - Understanding your data, and where and how it is used (e.g. Cloud suppliers, physical records); - The documentation you must maintain (such as statements of the information you collect and process, records of data subject consent, processes for protecting personal data); and - The "appropriate technical and organisational measures" you need to take to ensure compliance with the Regulation. - A full index of the Regulation, enabling you to find relevant Articles quickly and easily. Supplemental material While most of the EU GDPR's requirements are broadly unchanged in the UK GDPR, the context is quite different and will have knock-on effects. You may need to update contracts regarding EU–UK data transfers, incorporate standard contractual clauses into existing agreements, and update your policies, processes and procedural documentation as a result of these changes. We have published a supplement that sets out specific extra or amended information for this pocket guide. Click here to download the supplement. About the author Alan Calder is the Group CEO of GRC International Group plc, the AIM-listed company that owns IT Governance Ltd. He is an internationally acknowledged cyber security expert, and a leading author on information security and IT governance issues. He co-wrote the definitive compliance guide IT Governance: An International Guide to Data Security and ISO27001/ISO27002, which is the basis for the Open University's postgraduate course on information security, and has been involved in the development of a wide range of information security management training courses that have been accredited by IBITGQ (International Board for IT Governance Qualifications). Alan has consulted on data security for numerous clients in the UK and abroad, and is a regular media commentator and speaker.
Additional considerations
Chapter 4: Complying with the Regulation
Understanding your data: where it is and how it is used
Appropriate technical and organisational measures; ISO/IEC 27001 and ISO/IEC 27701
