EPILOGUE
In "WE ARE DATA SUBJECTS" author Emin Hasic has expertly navigated the complexities of the General Data Protection Regulation (GDPR) to provide readers with a comprehensive understanding of the regulation and its compliance requirements...
eBOOK ● EPILOGUE● KNOWLEDGE BANK
RECOMMENDED TIPS FOR ORGANIZATIONS DEALING WITH PHYSICALLY DISABLED CITIZENS' DATA TO BEGIN AND MAINTAIN GDPR COMPLIANCE
Review Contracts: Review contracts with third-party processors to ensure that they are GDPR compliant and that you are satisfied with their data protection measures when it comes to physically disabled citizens' data...
eBOOK ● CHAPTER 27● KNOWLEDGE BANK
RECOMMENDED TIPS FOR ORGANIZATIONS DEALING WITH SENIORS' DATA TO BEGIN AND MAINTAIN GDPR COMPLIANCE
Understand your role as a Data Controller: Understand your responsibilities as a data controller when it comes to processing senior citizens' personal data and ensure that you have a legal basis for doing so...
eBOOK ● DIRECTORY ● KNOWLEDGE BANK
RECOMMENDED TIPS FOR ORGANIZATIONS DEALING WITH CHILDREN'S DATA TO BEGIN AND MAINTAIN GDPR COMPLIANCE
Understand your role as a Data Controller: Understand your responsibilities as a data controller when it comes to processing children's personal data and ensure that you have a legal basis for doing so...
eBOOK ● CHAPTER 27● KNOWLEDGE BANK
RECOMMENDED TIPS FOR ORGANIZATIONS DEALING WITH SENSITIVE DATA TO BEGIN AND MAINTAIN GDPR COMPLIANCE
Understand your role as a Data Controller: Understand your responsibilities as a data controller and ensure that you have a legal basis for processing personal data...
eBOOK ● CHAPTER 27● KNOWLEDGE BANK
RECOMMENDED TIPS FOR PHILANTHROPIC ORG. TO BEGIN AND MAINTAIN GDPR COMPLIANCE
Understand your role as a Data Controller: Understand your responsibilities as a data controller and ensure that you have a legal basis for processing personal data...
eBOOK ● CHAPTER 27● KNOWLEDGE BANK
RECOMMENDED TIPS FOR GOVERNMENT AND PUBLIC OFFICES TO BEGIN AND MAINTAIN GDPR COMPLIANCE
Understand your role as a Data Controller: Understand your responsibilities as a data controller and ensure that you have a legal basis for processing personal data...
eBOOK ● CHAPTER 27● KNOWLEDGE BANK
RECOMMENDED TIPS FOR MULTI-NATIONALS TO BEGIN AND MAINTAIN GDPR COMPLIANCE
Understand your role as a Data Controller: Understand your responsibilities as a data controller and ensure that you have a legal basis for processing personal data across all countries and regions where your organization operates...
eBOOK ● CHAPTER 27● KNOWLEDGE BANK
RECOMMENDED TIPS FOR LARGE-SIZED-BUSINESSES TO BEGIN AND MAINTAIN GDPR COMPLIANCE
Understand your role as a Data Controller: Understand your responsibilities as a data controller and ensure that you have a legal basis for processing personal data...
eBOOK ● CHAPTER 27● KNOWLEDGE BANK
RECOMMENDED TIPS FOR MEDIUM-SIZED-BUSINESSES TO BEGIN AND MAINTAIN GDPR COMPLIANCE
Understand your role as a Data Controller: Understand your responsibilities as a data controller and ensure that you have a legal basis for processing personal data...
eBOOK ● CHAPTER 27● KNOWLEDGE BANK
RECOMMENDED TIPS FOR SMALL-SIZED-BUSINESSES TO BEGIN AND MAINTAIN GDPR COMPLIANCE
Understand your role as a Data Controller: Understand your responsibilities as a data controller and ensure that you have a legal basis for processing personal data...
eBOOK ● CHAPTER 27● KNOWLEDGE BANK
RECOMMENDED TIPS FOR MICRO-BUSINESSES TO BEGIN AND MAINTAIN GDPR COMPLIANCE
Appoint a Data Protection Leader: Appoint a person within the organization to take responsibility for data protection and ensure that GDPR is being followed...
eBOOK ● CHAPTER 27● KNOWLEDGE BANK
TIPS FOR MAINTAINING GDPR COMPLIANCE
We are delighted to offer a perspective on privacy backed by 3 decades of experience, with an honest and easy-to-understand approach to the GDPR which came into effect in 2018. Great effort has been put in to make the understanding and implementation of GDPR compliance as simple and practical as possible for you...
eBOOK ● CHAPTER 27● KNOWLEDGE BANK
YOUR FREQUENTLY ASKED QUESTIONS ANSWERED
What is the average cost per data breach for a small business? The average cost per data breach for a small business can vary widely depending on several factors, including the number of records lost, the type of data that was compromised...
eBOOK ● YOUR FREQUENTLY ASKED QUESTIONS ANSWERED ● KNOWLEDGE BANK
SIMILARITIES BETWEEN THE GDPR, APP and CCPA
The General Data Protection Regulation (GDPR), the Australian Privacy Principles (APPs), and the California Consumer Privacy Act (CCPA) are all data protection regulations that have similarities in terms of the rights and protections they provide to individuals regarding their personal information...
eBOOK ● CHAPTER 25● KNOWLEDGE BANK
SIMILARITIES BETWEEN GLOBAL REGULATIONS
Many of the privacy regulations listed share similar goals, such as protecting individuals' personal information and giving them control over how their data is collected, used, and shared...
eBOOK ● CHAPTER 25● KNOWLEDGE BANK
NOTABLE GLOBAL PRIVACY REGULATIONS AND LAWS
However, it's important to note that many countries have their own set of privacy laws and regulations, making it difficult for companies to navigate and comply with all of them...
eBOOK ● CHAPTER 25● KNOWLEDGE BANK
FAILING TO PROVIDE
Individuals with a copy of their personal data: in a commonly used and machine-readable format...
eBOOK ● CHAPTER 24● KNOWLEDGE BANK
FAILING TO OBTAIN
Explicit consent from individuals before collecting personal data from children under a certain age...
eBOOK ● CHAPTER 24● KNOWLEDGE BANK
FAILING TO NOTIFY
Individuals of any: automated decision-making or data profiling activities being conducted on their personal data...
eBOOK ● CHAPTER 24● KNOWLEDGE BANK
FAILING TO KEEP
Detailed records of any: data access requests received from individuals and the actions taken in response to those requests...
eBOOK ● CHAPTER 24● KNOWLEDGE BANK
FAILING TO IMPLEMENT
Adequate controls to detect and respond to data breaches...
eBOOK ● CHAPTER 24● KNOWLEDGE BANK
FAILING TO ENSURE
That personal data is collected in a way that is: easily accessible for individuals...
eBOOK ● CHAPTER 24● KNOWLEDGE BANK
FAILING TO DELETE
Failing to delete personal data from systems and backups after it has been securely disposed of...
eBOOK ● CHAPTER 24● KNOWLEDGE BANK
FAILING TO CONDUCT
Regular monitoring of: personal data processing activities to detect and prevent unauthorised access, use, or disclosure of personal data...
eBOOK ● CHAPTER 24● KNOWLEDGE BANK
FAILING TO COMPLY WITH
Data breach notification requirements by failing to promptly notify individuals and relevant authorities of a data breach...
eBOOK ● CHAPTER 24● KNOWLEDGE BANK
FAILING TO APPOINT A
Data breach response team to handle potential violations...
eBOOK ● CHAPTER 24● KNOWLEDGE BANK
FREQUENTLY ASKED QUESTIONS
What is a data breach under GDPR? A data breach under the GDPR is defined as the unauthorised or accidental access, use, disclosure, alteration, or destruction of personal data...
eBOOK ● CHAPTER 23● KNOWLEDGE BANK
BREACHES BY A POLITICIAN
Politicians, like any other controller or processor, may process personal data for a variety of purposes, such as to communicate with constituents, to campaign for elections, or to perform their duties as public officials...
eBOOK ● CHAPTER 23● KNOWLEDGE BANK
BREACHES BY A POLITICAL OFFICE
Political Offices handle a significant amount of personal data of citizens, employees and other parties as part of their daily operations. This can include information such as names, addresses, contact details, and voting history...
eBOOK ● CHAPTER 23● KNOWLEDGE BANK
BREACHES BY A POLITICAL CANDIDATE
Political candidates handle a significant amount of personal data of voters and supporters as part of their campaigns and daily operations. This can include information such as names, addresses, contact details, and voting history...
eBOOK ● CHAPTER 23● KNOWLEDGE BANK
BREACHES BY A MARKETING COMPANY
Marketing companies handle a large amount of personal data of customers and clients as part of their daily operations, such as names, addresses, contact details, and purchase history. This information is often used to create targeted marketing campaigns and to improve customer engagement...
eBOOK ● CHAPTER 23● KNOWLEDGE BANK
BREACHES BY A SOCIAL MEDIA INFLUENCER
Social Media Influencers are individuals who use social media platforms to promote products or services and to connect with a large number of followers. They often handle personal data of their followers, such as their names, contact details, and social media handles...
eBOOK ● CHAPTER 23● KNOWLEDGE BANK
BREACHES BY A FOOD DELIVERY SERVICE
Food delivery services handle a significant amount of personal data of customers and employees, as part of their daily operations. This can include information such as names, addresses, contact details, and payment information...
eBOOK ● CHAPTER 23● KNOWLEDGE BANK
BREACHES BY A JOURNALIST
Journalists are not exempt from the GDPR; however, they can rely on certain provisions of the GDPR that recognise the importance of protecting freedom of expression and the right to information. GDPR allows for the processing of personal data in certain circumstances where...
eBOOK ● CHAPTER 23● KNOWLEDGE BANK
BREACHES BY HUMAN RESOURCES
Human resources professionals, like any other person or organisation, are required to comply with the GDPR when processing the personal data of individuals in the European Union (EU). This means that human resources professionals must ensure that they are respecting the rights...
eBOOK ● CHAPTER 23● KNOWLEDGE BANK
BREACHES BY A COURT JUDGE
Court judges are not exempt from the GDPR, but they may rely on certain provisions of the GDPR that recognize the importance of protecting the administration of justice and the right to a fair trial. GDPR allows for the processing of personal data in certain circumstances where...
eBOOK ● CHAPTER 23● KNOWLEDGE BANK
BREACHES BY A PHARMACY
Pharmacies are not exempt from the GDPR, but like other businesses and organisations, they may be able to rely on certain provisions of the GDPR that allow for the processing of personal data for specific purposes...
eBOOK ● CHAPTER 23● KNOWLEDGE BANK
BREACHES BY A RECEPTIONIST
Receptionists, like any other person or organisation, are required to comply with the GDPR when processing the personal data of individuals in the European Union (EU). This means that receptionists must ensure that they are respecting the rights of individuals with regard to...
eBOOK ● CHAPTER 23● KNOWLEDGE BANK
BREACHES BY A RESTAURANT
Restaurants, like any other person or organisation, are required to comply with the GDPR when processing the personal data of individuals in the European Union (EU). This means that restaurants must ensure that they are respecting the rights of individuals with regard to...
eBOOK ● CHAPTER 23● KNOWLEDGE BANK
BREACHES BY AN ACCOUNTANT
Accountants, like any other person or organisation, are required to comply with the GDPR when processing the personal data of individuals in the European Union (EU). This means that accountants must ensure that they are respecting the rights of individuals with regard to...
eBOOK ● CHAPTER 23● KNOWLEDGE BANK
BREACHES BY A POLICE OFFICER
Police officers are not exempt from the GDPR, but like other businesses and organisations, they may be able to rely on certain provisions of the GDPR that allow for the processing of personal data for specific purposes...
eBOOK ● CHAPTER 23● KNOWLEDGE BANK
BREACHES BY A PUBLIC OFFICIAL
Public officials, like any other person or organisation, are required to comply with the GDPR when processing the personal data of individuals in the European Union (EU). This means that public officials must ensure that they are respecting the rights of individuals with regard to...
eBOOK ● CHAPTER 23● KNOWLEDGE BANK
BREACHES BY A LAWYER
Lawyers are not exempt from the GDPR, but like other businesses and organisations, they may be able to rely on certain provisions of the GDPR that allow for the processing of personal data for specific purposes...
eBOOK ● CHAPTER 23● KNOWLEDGE BANK
BREACHES BY A SCHOOL TEACHER
Teachers, like any other person or organisation, are required to comply with the GDPR when processing the personal data of individuals in the European Union (EU)...
eBOOK ● CHAPTER 23● KNOWLEDGE BANK
BREACHES BY A DOCTOR/DENTIST
Doctors are not exempt from the GDPR, which is a set of regulations for data protection and privacy in the European Union (EU). The GDPR applies to all organisations that process the personal data of individuals within the EU, regardless of whether the organisation is located within the EU or not...
eBOOK ● CHAPTER 23● KNOWLEDGE BANK
BREACHES WHEN WORKING REMOTELY
If an individual is working remotely as an employee of a company that is based within the EU and processes the personal data of individuals within the EU, then the company would be required to comply with the GDPR as a controller or processor of personal data...
eBOOK ● CHAPTER 23● KNOWLEDGE BANK
BREACHES BY A PRIVATE CITIZEN
Private citizens, as individuals, are considered data subjects under the GDPR and are therefore protected by the law. However, as private citizens, they do not have the obligation to comply with the GDPR. Instead, it is the controllers and processors of their personal data who are required to comply with the GDPR when processing their personal data...
eBOOK ● CHAPTER 23● KNOWLEDGE BANK
INTRODUCTION TO GDPR DATA BREACH SCENARIOS
A hospital or medical clinic would need to comply with the GDPR if they process the personal data of individuals within the European Union (EU). Hospitals and medical clinics are not exempt from the GDPR, which is a set of regulations for data protection and privacy in the European Union (EU)...
eBOOK ● CHAPTER 23● KNOWLEDGE BANK
INTRODUCTION TO RECITALS
The GDPR recitals serve as an important tool for understanding and interpreting the regulation's provisions. They provide valuable information about the purpose and intent of the GDPR, as well as how it should be applied in practice...
eBOOK ● CHAPTER 22● KNOWLEDGE BANK
20 SCENARIOS REGARDING GDPR FINES
DPO APPOINTMENT: A company fails to appoint a Data Protection Officer (DPO) as required by GDPR...
eBOOK ● CHAPTER 21● KNOWLEDGE BANK
FREQUENTLY ASKED QUESTIONS
How much can a company be fined for non-compliance with GDPR? Companies can be fined up to 4% of their annual global revenue or €20 million (whichever is greater) for non-compliance with GDPR...
eBOOK ● CHAPTER 21● KNOWLEDGE BANK
THE GDPR ARTICLES WHICH ATTRACT FINES
The GDPR is comprised of 173 recitals and 99 articles, with 30 of the articles primarily carrying the bulk of fines for violations under the GDPR...
eBOOK ● CHAPTER 21● KNOWLEDGE BANK
THE SHORT, MEDIUM AND LONG-TERM NEGATIVE IMPACT OF GDPR FINES
GDPR fines can have short, medium, and long-term negative impacts on a company. Short term impacts include immediate financial penalties and the cost of making necessary changes to comply with GDPR regulations...
eBOOK ● CHAPTER 21● KNOWLEDGE BANK
INTRODUCTION TO GDPR FINES
One aspect of GDPR that businesses should be aware of is the potential for fines in the event of non-compliance. If a business is found to be in violation of GDPR, it may be subject to a fine...
eBOOK ● CHAPTER 21● KNOWLEDGE BANK
FREQUENTLY ASKED QUESTIONS
What is GDPR and why is it important for organisations to comply? GDPR stands for General Data Protection Regulation and it's a regulation set by the EU that regulates the handling and processing of personal data of EU citizens...
eBOOK ● CHAPTER 20● KNOWLEDGE BANK
TIPS FOR MAINTAINING GDPR COMPLIANCE
Maintaining GDPR compliance can be a complex process, but there are several practical tips that organisations can follow to ensure compliance...
eBOOK ● CHAPTER 20● KNOWLEDGE BANK
INTRODUCTION TO MAINTAINING GDPR COMPLIANCE
Maintaining GDPR compliance is a continuous process that requires organisations to put in place appropriate measures and regularly review and update them to ensure that they are in compliance with the regulation at all times...
eBOOK ● CHAPTER 20● KNOWLEDGE BANK
POTENTIALLY VIOLATING DATA COLLECTION METHODS
It's important to note that the specific data privacy regulations that apply to all Industries and Companies, such as the GDPR, APP and CCPA, may vary depending on the jurisdiction in which the company operates...
eBOOK ● CHAPTER 19 ● KNOWLEDGE BANK
WHOLESALE INDUSTRY
The Wholesale Industry is a sector that includes companies that purchase goods from manufacturers or other wholesalers and resell them to retailers or directly to the end customers. These companies collect and process a wide range of personal data from a variety of sources, including from customers, vendors, and employees...
eBOOK ● CHAPTER 19 ● KNOWLEDGE BANK
VIRTUAL REALITY INDUSTRY
The Virtual Reality (VR) industry is a rapidly growing field that involves the use of technology to create immersive digital environments that can be experienced through VR headsets and other devices...
eBOOK ● CHAPTER 19 ● KNOWLEDGE BANK
VIDEO GAMING INDUSTRY
The Video Gaming Industry is a sector that includes companies that develop, publish, and distribute video games for a variety of platforms including consoles, PC, and mobile devices. These companies collect and process a wide range of personal data from a variety of sources, including from players, customers and users...
eBOOK ● CHAPTER 19 ● KNOWLEDGE BANK
UTILITIES INDUSTRY
The Utility Industry is a sector that includes companies that provide essential services such as electricity, gas, water, and waste management to households and businesses. These companies are responsible for the generation, transmission, and distribution of these services...
eBOOK ● CHAPTER 19 ● KNOWLEDGE BANK
TELECOMMUNICATIONS INDUSTRY
The Telecommunications Industry is an essential aspect of modern society and plays a critical role in connecting people and businesses around the world. It encompasses a wide range of companies and organisations that provide services such as telephone, internet, and television...
eBOOK ● CHAPTER 19 ● KNOWLEDGE BANK
TECHNOLOGY INDUSTRY
The Technology Industry is a rapidly growing and constantly evolving field that encompasses a wide range of companies and organisations that develop and utilise various forms of technology...
eBOOK ● CHAPTER 19 ● KNOWLEDGE BANK
STEEL INDUSTRY
The Steel Industry is a critical sector that produces a wide range of products, including structural steel, rebar, and stainless steel. The industry plays a vital role in the global economy by providing materials for construction, transportation, and other industries...
eBOOK ● CHAPTER 19 ● KNOWLEDGE BANK
SPORTING INDUSTRY
The Sporting Industry is a multi-billion-dollar industry that encompasses a wide range of sports, teams, leagues, and events. As with any modern business, the sporting industry collects and processes a large amount of personal data from a variety of sources...
eBOOK ● CHAPTER 19 ● KNOWLEDGE BANK
SPACE INDUSTRY
The Space Industry is a rapidly growing field that encompasses a wide range of activities, including satellite manufacturing and launch services, space exploration and research, and the development and operation of space-based infrastructure and services...
eBOOK ● CHAPTER 19 ● KNOWLEDGE BANK
SOFTWARE INDUSTRY
The Software Industry is constantly evolving and growing, with new technologies and advancements being made every day. As a result, the industry is constantly collecting and processing a wide range of personal data from customers, employees, suppliers, and third parties...
eBOOK ● CHAPTER 19 ● KNOWLEDGE BANK
SOCIAL MEDIA AND DIGITAL MARKETING INDUSTRY (SMDM)
The social media and digital marketing industry collects and processes vast amounts of personal data from its users. This data is used to personalise the user experience, target advertising, and measure the effectiveness of marketing campaigns...
eBOOK ● CHAPTER 19 ● KNOWLEDGE BANK
SMART WEARABLES / HEALTH MONITORING DEVICES INDUSTRY
A rapidly growing field that involves the production and development of devices that are worn by individuals and are able to track and monitor various aspects of their health and fitness. These devices include things like fitness trackers, smart watches, and other wearable health monitors...
eBOOK ● CHAPTER 19 ● KNOWLEDGE BANK
SMART CITIES AND URBAN TECHNOLOGY INDUSTRY
A rapidly growing field that involves the integration of advanced technology into the infrastructure and systems of cities to improve the quality of life for residents and visitors. This includes everything from traffic management and public transportation systems, to energy and water management, to public safety and emergency response...
eBOOK ● CHAPTER 19 ● KNOWLEDGE BANK
SHARING ECONOMY PLATFORMS INDUSTRY
Also known as the "gig economy," includes companies like Uber, Airbnb, and TaskRabbit, which provide online platforms for individuals to share goods, services, and experiences. The data collected is used for a variety of purposes, such as verifying identities, processing payments, and facilitating transactions...
eBOOK ● CHAPTER 19 ● KNOWLEDGE BANK
SERVICES INDUSTRY
The Services Industry encompasses a wide range of businesses that provide services to customers, such as consulting, education, finance, healthcare, and legal services. These businesses typically collect a variety of personal data from customers, employees, suppliers, and third parties in order to provide their services and conduct their operations...
eBOOK ● CHAPTER 19 ● KNOWLEDGE BANK
SCIENTIFIC INDUSTRY
The Scientific Industry is a broad field that encompasses a wide range of industries, including research and development, biotechnology, pharmaceuticals, and more. These companies often conduct research and experimentation in order to develop new products or technologies, and as a result, they often collect and process large amounts of personal data...
eBOOK ● CHAPTER 19 ● KNOWLEDGE BANK
ROBOTICS AND AUTOMATION INDUSTRY
Involves the development and use of robots and automated systems for various applications such as manufacturing, logistics, healthcare, and transportation. These systems typically collect and process personal data from various sources, including sensors, cameras, and other forms of input...
eBOOK ● CHAPTER 19 ● KNOWLEDGE BANK
RETAIL INDUSTRY
The retail industry collects and processes a wide range of personal data from customers, employees, and suppliers. This includes data such as names, addresses, contact details, financial data, and purchasing history...
eBOOK ● CHAPTER 19 ● KNOWLEDGE BANK
REAL ESTATE INDUSTRY
The Real Estate Industry collects and processes a wide range of personal data from a variety of sources, including buyers, sellers, landlords, tenants, and property managers. This can include data such as names, addresses, contact details, financial data, ID numbers, and property data...
eBOOK ● CHAPTER 19 ● KNOWLEDGE BANK
QUANTUM COMPUTING INDUSTRY
The quantum computing industry is a relatively new field of technology, but it has the potential to revolutionise the way we process and store data. As companies and research institutions work to develop and improve quantum computing systems, they may collect and process personal data from a variety of sources...
eBOOK ● CHAPTER 19 ● KNOWLEDGE BANK
PUBLISHING INDUSTRY
The Publishing Industry collects and processes a wide range of data from authors, publishers, and readers. This includes personal data such as names, addresses, and contact details, as well as financial data such as bank account details and credit card numbers...
eBOOK ● CHAPTER 19 ● KNOWLEDGE BANK
PUBLIC TRANSPORT INDUSTRY
The Public Transport industry needs to be GDPR compliant because it often deals with personal data of individuals located in the European Union (EU) such as customers, employees, suppliers, and other stakeholders...
eBOOK ● CHAPTER 19 ● KNOWLEDGE BANK
PHARMACEUTICAL INDUSTRY
The Pharmaceutical industry needs to be GDPR compliant because it often deals with personal data of individuals located in the European Union (EU) such as patients, employees, suppliers, and other stakeholders...
eBOOK ● CHAPTER 19 ● KNOWLEDGE BANK
ONLINE EDUCATION AND DISTANCE LEARNING INDUSTRY
Also known as e-learning, encompasses a wide range of educational services and platforms that use technology to deliver educational content and resources to students. This includes everything from online universities and massive open online courses (MOOCs) to corporate training programs and individual tutoring services...
eBOOK ● CHAPTER 19 ● KNOWLEDGE BANK
OIL AND GAS INDUSTRY
The Oil and Gas Industry needs to be GDPR compliant because it often deals with personal data of individuals located in the European Union (EU) such as employees, customers, suppliers, and other stakeholders...
eBOOK ● CHAPTER 19 ● KNOWLEDGE BANK
NEWS MEDIA INDUSTRY
The News Media industry needs to be GDPR compliant because it often deals with personal data of individuals located in the European Union (EU) such as customers, employees, sources, and other stakeholders...
eBOOK ● CHAPTER 19 ● KNOWLEDGE BANK
NATURAL LANGUAGE PROCESSING (NLP) AND SPEECH RECOGNITION TECHNOLOGY INDUSTRY
The NLP industry involves the use of artificial intelligence and machine learning to process and understand human language. This technology is used in various applications such as virtual assistants, customer service chat-bots, and speech-to-text software...
eBOOK ● CHAPTER 19 ● KNOWLEDGE BANK
MUSIC INDUSTRY
The Music industry needs to be GDPR compliant because it often deals with personal data of individuals located in the European Union (EU) such as customers, employees, suppliers, and other stakeholders...
eBOOK ● CHAPTER 19 ● KNOWLEDGE BANK
MINING INDUSTRY
The Mining industry needs to be GDPR compliant because it often deals with personal data of individuals located in the European Union (EU) such as employees, contractors, suppliers, and other stakeholders...
eBOOK ● CHAPTER 19 ● KNOWLEDGE BANK
MIND-COMPUTER INTERFACE AND BRAIN-COMPUTER INTERFACE INDUSTRY
The mind-computer interface (MCI) and brain-computer interface (BCI) industry aims to develop technologies that allow people to interact with computers and other devices using their thoughts and brain activity...
eBOOK ● CHAPTER 19 ● KNOWLEDGE BANK
MERCHANDISING INDUSTRY
The Merchandising Industry needs to be GDPR compliant because it often deals with personal data of individuals located in the European Union (EU) such as customers, employees, suppliers, and other stakeholders...
eBOOK ● CHAPTER 19 ● KNOWLEDGE BANK
MEDICAL TOURISM AND TELEMEDICINE INDUSTRY
Focused on providing medical services and treatments to patients who travel internationally or remotely. This industry collects and processes a wide range of personal data in order to provide these services...
eBOOK ● CHAPTER 19 ● KNOWLEDGE BANK
MEDIA INDUSTRY
The Media industry needs to be GDPR compliant because it often deals with personal data of individuals located in the European Union (EU) such as customers, employees, suppliers, and other stakeholders...
eBOOK ● CHAPTER 19 ● KNOWLEDGE BANK
MANUFACTURING INDUSTRY
The Manufacturing industry needs to be GDPR compliant because it often deals with personal data of individuals located in the European Union (EU) such as customers, employees, suppliers, and other stakeholders...
eBOOK ● CHAPTER 19 ● KNOWLEDGE BANK
LOGISTICS INDUSTRY
The Logistics Industry is a sector that includes companies that provide transportation, warehousing, and logistics services for businesses and individuals. These companies are responsible for the movement of goods and materials from one location to another, as well as the storage and management of inventory...
eBOOK ● CHAPTER 19 ● KNOWLEDGE BANK
LEISURE INDUSTRY
The Leisure Industry needs to be GDPR compliant because it often deals with personal data of individuals located in the European Union (EU) such as customers, employees, suppliers, and other stakeholders...
eBOOK ● CHAPTER 19 ● KNOWLEDGE BANK
LEGAL INDUSTRY
The Legal industry needs to be GDPR compliant because it often deals with personal data of individuals located in the European Union (EU) such as clients, employees, suppliers, and other stakeholders...
eBOOK ● CHAPTER 19 ● KNOWLEDGE BANK
INTERNET OF THINGS INDUSTRY (IOT)
The Internet of Things (IoT) industry needs to be GDPR compliant because it often deals with personal data of individuals located in the European Union (EU) such as customers, employees, suppliers, and other stakeholders...
eBOOK ● CHAPTER 19 ● KNOWLEDGE BANK
INSURANCE INDUSTRY
The Insurance industry needs to be GDPR compliant because it often deals with personal data of individuals located in the European Union (EU) such as policyholders, claimants, employees, suppliers, and other stakeholders...
eBOOK ● CHAPTER 19 ● KNOWLEDGE BANK
INFRASTRUCTURE INDUSTRY
The Infrastructure industry needs to be GDPR compliant because it often deals with personal data of individuals located in the European Union (EU) such as customers, employees, suppliers, and other stakeholders...
eBOOK ● CHAPTER 19 ● KNOWLEDGE BANK
INFORMATION TECHNOLOGY INDUSTRY
The Information Technology (IT) Industry needs to be GDPR compliant because it often deals with personal data of individuals located in the European Union (EU) such as customers, employees, suppliers, and other stakeholders...
eBOOK ● CHAPTER 19 ● KNOWLEDGE BANK
INFORMATION INDUSTRY
The Information Industry needs to be GDPR compliant because it often deals with personal data of individuals located in the European Union (EU) such as customers, employees, suppliers, and other stakeholders...
eBOOK ● CHAPTER 19 ● KNOWLEDGE BANK
INDUSTRIAL ROBOTICS INDUSTRY
The Industrial Robotics Industry needs to be GDPR compliant because it often deals with personal data of individuals located in the European Union (EU) such as customers, employees, suppliers, and other stakeholders...
eBOOK ● CHAPTER 19 ● KNOWLEDGE BANK
HOTEL/MOTEL/RENTAL/BED AND BREAKFAST INDUSTRY
The Hotel, Motel, Bed and Breakfast and Rental Industry needs to be GDPR compliant because it often deals with personal data of individuals located in the European Union (EU) such as customers, employees, suppliers, and other stakeholders...
eBOOK ● CHAPTER 19 ● KNOWLEDGE BANK
HOSPITALITY INDUSTRY
The Hospitality industry needs to be GDPR compliant because it often deals with personal data of individuals located in the European Union (EU) such as guests, employees, suppliers, and other stakeholders...
eBOOK ● CHAPTER 19 ● KNOWLEDGE BANK
HOME SHARING AND CO-LIVING INDUSTRY
Made up of companies that provide platforms for individuals to rent out their homes, apartments, or rooms to guests for short-term stays. These companies also provide co-living spaces, where individuals can rent a room in a shared apartment or house, often with shared common areas and amenities...
eBOOK ● CHAPTER 19 ● KNOWLEDGE BANK
HEALTHCARE SERVICES INDUSTRY
The Healthcare Services industry needs to be GDPR compliant because it often deals with personal data of individuals located in the European Union (EU) such as patients, employees, suppliers, and other stakeholders...
eBOOK ● CHAPTER 19 ● KNOWLEDGE BANK
GREEN INDUSTRY
The Green Industry needs to be GDPR compliant because it often deals with personal data of individuals located in the European Union (EU) such as customers, employees, suppliers, and other stakeholders...
eBOOK ● CHAPTER 19 ● KNOWLEDGE BANK
GAMING AND GAMBLING INDUSTRY
The Gaming and Gambling industry needs to be GDPR compliant because it often deals with personal data of individuals located in the European Union (EU) such as customers, employees, suppliers, and other stakeholders...
eBOOK ● CHAPTER 19 ● KNOWLEDGE BANK
FORESTRY INDUSTRY
The Forestry industry needs to be GDPR compliant because it often deals with personal data of individuals located in the European Union (EU) such as customers, employees, suppliers, and other stakeholders...
eBOOK ● CHAPTER 19 ● KNOWLEDGE BANK
FOOD INDUSTRY
The Food industry needs to be GDPR compliant because it often deals with personal data of individuals located in the European Union (EU) such as customers, employees, suppliers, and other stakeholders...
eBOOK ● CHAPTER 19 ● KNOWLEDGE BANK
FISHING INDUSTRY
The Fishing industry needs to be GDPR compliant because it often deals with personal data of individuals located in the European Union (EU) such as customers, employees, suppliers, and other stakeholders...
eBOOK ● CHAPTER 19 ● KNOWLEDGE BANK
FINANCIAL INDUSTRY
The Financial Services industry needs to be GDPR compliant because it often deals with personal data of individuals located in the European Union (EU) such as customers, employees, suppliers, and other stakeholders...
eBOOK ● CHAPTER 19 ● KNOWLEDGE BANK
FILM INDUSTRY
The Film industry needs to be GDPR compliant because it often deals with personal data of individuals located in the European Union (EU) such as customers, employees, suppliers, and other stakeholders...
eBOOK ● CHAPTER 19 ● KNOWLEDGE BANK
FASHION AND FOOTWEAR INDUSTRY
The Fashion and Footwear industry needs to be GDPR compliant because it often deals with personal data of individuals located in the European Union (EU) such as customers, employees, suppliers, and other stakeholders...
eBOOK ● CHAPTER 19 ● KNOWLEDGE BANK
FARMING INDUSTRY
The Farming industry needs to be GDPR compliant because it deals with personal data of individuals located in the European Union (EU) such as customers, employees, suppliers, and other stakeholders...
eBOOK ● CHAPTER 19 ● KNOWLEDGE BANK
ENTERTAINMENT INDUSTRY
The Entertainment industry needs to be GDPR compliant because it often deals with personal data of individuals located in the European Union (EU) such as customers, employees, suppliers, and other stakeholders...
eBOOK ● CHAPTER 19 ● KNOWLEDGE BANK
ENGINEERING INDUSTRY
The Engineering industry needs to be GDPR compliant because it often deals with personal data of individuals located in the European Union (EU) such as customers, employees, suppliers, and other stakeholders...
eBOOK ● CHAPTER 19 ● KNOWLEDGE BANK
ENERGY INDUSTRY
The Energy industry needs to be GDPR compliant because it often deals with personal data of individuals located in the European Union (EU) such as customers, employees, suppliers, and other stakeholders...
eBOOK ● CHAPTER 19 ● KNOWLEDGE BANK
ELECTRONICS INDUSTRY
The Electronics industry needs to be GDPR compliant because it often deals with personal data of individuals located in the European Union (EU) such as customers, employees, suppliers, and other stakeholders...
eBOOK ● CHAPTER 19 ● KNOWLEDGE BANK
ELECTRIC VEHICLES INDUSTRY
The electric vehicles (EVs) industry is a rapidly growing sector that designs, manufactures, and sells electric vehicles, as well as the components and infrastructure that support them. As a result, the industry collects and processes a wide range of personal data from various sources...
eBOOK ● CHAPTER 19 ● KNOWLEDGE BANK
ELECTRIC POWER INDUSTRY
The Electric Power industry needs to be GDPR compliant because it often deals with personal data of individuals located in the European Union (EU) such as customers, employees, suppliers, and other stakeholders...
eBOOK ● CHAPTER 19 ● KNOWLEDGE BANK
EDUCATION INDUSTRY
The Education industry needs to be GDPR compliant because it often deals with personal data of individuals located in the European Union (EU) such as students, employees, suppliers, and other stakeholders...
eBOOK ● CHAPTER 19 ● KNOWLEDGE BANK
E-COMMERCE AND ONLINE MARKETPLACE INDUSTRY
A highly data-driven industry that relies on the collection and processing of personal data to provide personalised experiences to users and to improve their services. This industry collects and processes personal data from various sources such as customers, sellers, and other third parties...
eBOOK ● CHAPTER 19 ● KNOWLEDGE BANK
DRONES AND AUTONOMOUS TRANSPORTATION INDUSTRY
The use of unmanned aerial vehicles (UAVs), also known as drones, and autonomous vehicles (AV) for various transportation and logistics applications. This industry includes a wide range of products and services, such as delivery drones, agricultural drones, search and rescue drones, and autonomous cars...
eBOOK ● CHAPTER 19 ● KNOWLEDGE BANK
DIGITAL HEALTH AND WELLNESS INDUSTRY
The use of technology, such as mobile apps, wearables, and internet-connected devices, to improve and manage health and wellness. This industry includes a wide range of products and services, such as fitness trackers, sleep monitoring devices, telemedicine platforms, and digital mental health tools...
eBOOK ● CHAPTER 19 ● KNOWLEDGE BANK
DEFENCE INDUSTRY
The Defence industry needs to be GDPR compliant because it often deals with personal data of individuals located in the European Union (EU) such as employees, customers, suppliers, and other stakeholders...
eBOOK ● CHAPTER 19 ● KNOWLEDGE BANK
CYBER-SECURITY INDUSTRY
The practice of protecting internet-connected systems, including hardware, software, and data, from attack, damage, or unauthorised access...
eBOOK ● CHAPTER 19 ● KNOWLEDGE BANK
CULTURAL INDUSTRY
The cultural industry needs to be GDPR compliant because it often deals with the personal data of individuals located in the European Union (EU) such as employees, customers, suppliers, performers, and other stakeholders...
eBOOK ● CHAPTER 19 ● KNOWLEDGE BANK
CREATIVE INDUSTRY
The creative industry needs to be GDPR compliant because it often deals with the personal data of individuals located in the European Union (EU) such as employees, customers, suppliers, performers, and other stakeholders...
eBOOK ● CHAPTER 19 ● KNOWLEDGE BANK
CONSTRUCTION INDUSTRY
The construction industry needs to be GDPR compliant because it often deals with the personal data of individuals located in the European Union (EU) such as employees, customers, suppliers, contractors, and other stakeholders...
eBOOK ● CHAPTER 19 ● KNOWLEDGE BANK
COMPUTER INDUSTRY
The computer industry needs to be GDPR compliant because it often deals with the personal data of individuals located in the European Union (EU) such as employees, customers, suppliers, and other stakeholders...
eBOOK ● CHAPTER 19 ● KNOWLEDGE BANK
CHEMICAL INDUSTRY
The chemical industry handles large amounts of personal data, including data of customers, employees, suppliers and other stakeholders, as well as data of individuals who may be affected by the company's operations and products...
eBOOK ● CHAPTER 19 ● KNOWLEDGE BANK
BLOCKCHAIN AND CRYPTOCURRENCY INDUSTRY
The use of decentralised digital ledgers, known as blockchains, to record and verify transactions. These transactions can include the transfer of digital currencies, such as Bitcoin, as well as the transfer of other assets, such as property and legal documents...
eBOOK ● CHAPTER 19 ● KNOWLEDGE BANK
BIOTECHNOLOGY AND GENETIC ENGINEERING INDUSTRY
The use of technology to manipulate the genetic makeup of living organisms for a variety of purposes, such as medicine, agriculture, and environmental conservation. This industry involves a wide range of activities, including genetic research, genetic testing, and genetic therapy...
eBOOK ● CHAPTER 19 ● KNOWLEDGE BANK
BIOMETRICS INDUSTRY
The Biometrics industry needs to be GDPR compliant because it often deals with personal data of individuals located in the European Union (EU) such as employees, customers, suppliers, and other stakeholders...
eBOOK ● CHAPTER 19 ● KNOWLEDGE BANK
BASIC METALS INDUSTRY
The basic metal industry, like any other industry that handles personal data, needs to be GDPR compliant because it involves the collection, storage, and use of personal data of individuals located in the European Union (EU)...
eBOOK ● CHAPTER 19 ● KNOWLEDGE BANK
AUTOMOTIVE INDUSTRY
The automotive industry needs to be GDPR compliant because it collects and processes large amounts of personal data of individuals located in the European Union (EU) such as customers, employees, suppliers, and other stakeholders...
eBOOK ● CHAPTER 19 ● KNOWLEDGE BANK
AUGMENTED REALITY INDUSTRY
The use of technology that enhances or augments a user's perception of the real world. AR technology is used in a wide range of applications, such as gaming, education, and training, and can be delivered through various devices, including smartphones, tablets, and smart glasses...
eBOOK ● CHAPTER 19 ● KNOWLEDGE BANK
ARTIFICIAL INTELLIGENCE INDUSTRY
The Artificial Intelligence (AI) Industry involves the development and deployment of systems and algorithms that can perform tasks that would typically require human intelligence, such as learning, problem-solving, and decision-making...
eBOOK ● CHAPTER 19 ● KNOWLEDGE BANK
AGRICULTURAL INDUSTRY
The agricultural industry needs to be GDPR compliant because it often deals with the personal data of individuals located in the European Union (EU) such as employees, customers, suppliers, and other stakeholders...
eBOOK ● CHAPTER 19 ● KNOWLEDGE BANK
AEROSPACE INDUSTRY
The aerospace industry must comply with GDPR to protect EU individuals' data, such as employee, customer, pilot, and supplier data. This includes sensitive data like employment, financial, location, flight, and personal data...
eBOOK ● CHAPTER 19 ● KNOWLEDGE BANK
ADVANCED MATERIALS AND NANOTECHNOLOGY INDUSTRY
The development and use of new materials and technologies that are based on the manipulation of matter at the atomic and molecular scale, with a wide range of applications in fields such as electronics, energy, medicine, and transportation...
eBOOK ● CHAPTER 19 ● KNOWLEDGE BANK
ADVANCED MANUFACTURING AND 4.0 INDUSTRY
The use of technology-driven manufacturing methods that allow for the automation, digitisation, and optimisation of manufacturing processes. This technology-driven approach to manufacturing allows companies to increase efficiency, reduce costs, and improve product quality...
eBOOK ● CHAPTER 19 ● KNOWLEDGE BANK
ADVANCED FARMING TECHNIQUES INDUSTRY
The development and use of technology-driven farming methods that allow for the precise monitoring and management of crop growth, soil conditions, and weather patterns...
eBOOK ● CHAPTER 19 ● KNOWLEDGE BANK
ADVANCED BIOFUELS AND BIOENERGY INDUSTRY
The development and manufacturing of biofuels and bioenergy products that are derived from renewable sources such as plant materials, agricultural waste, and algae...
eBOOK ● CHAPTER 19 ● KNOWLEDGE BANK
ADVANCED BATTERY AND ENERGY STORAGE SYSTEMS INDUSTRY
The development and manufacturing of batteries and energy storage systems that are used to store energy generated from renewable sources such as solar and wind power...
eBOOK ● CHAPTER 19 ● KNOWLEDGE BANK
ADVANCED ANALYTICS AND BIG DATA INDUSTRY
The use of technologies such as machine learning, artificial intelligence, and statistical analysis to extract insights and knowledge from large sets of data...
eBOOK ● CHAPTER 19 ● KNOWLEDGE BANK
5G NETWORKS AND COMMUNICATION TECHNOLOGY INDUSTRY
The 5G networks and communication technology industry refers to the next generation of mobile networks that promise faster speeds, lower latency, and more capacity than current 4G networks...
eBOOK ● CHAPTER 19 ● KNOWLEDGE BANK
3D PRINTING AND ADDITIVE MANUFACTURING INDUSTRY
The 3D printing and additive manufacturing industry involves the use of technology to create physical objects by adding material layer by layer...
eBOOK ● CHAPTER 19 ● KNOWLEDGE BANK
INDUSTRY BREAKDOWN
Even with 3 decades' experience, it is difficult to develop a comprehensive strategy to protect against all potential data breaches across all industries, as the risk landscape is constantly changing...
eBOOK ● CHAPTER 19 ● KNOWLEDGE BANK
INTRODUCTION TO DATA PROTECTION REQUIREMENTS BY INDUSTRY
Data protection is an important issue that affects a wide range of industries and sectors...
eBOOK ● CHAPTER 19 ● KNOWLEDGE BANK
FREQUENTLY ASKED QUESTIONS
What is a supervisory authority? A supervisory authority is a government or regulatory body that is responsible for enforcing laws and regulations within a specific industry or sector...
eBOOK ● CHAPTER 18 ● KNOWLEDGE BANK
PREPARING FOR AND RESPONDING TO ENFORCEMENT
Enforcement actions are actions taken by a supervisory authority, such as a regulatory agency, to enforce compliance with laws and regulations. These actions can include fines, penalties, and sanctions...
eBOOK ● CHAPTER 18 ● KNOWLEDGE BANK
WORKING WITH SUPERVISORY AUTHORITIES
Working with supervisory authorities refers to the process of engaging with regulatory bodies that oversee specific industries or types of businesses...
eBOOK ● CHAPTER 18 ● KNOWLEDGE BANK
INTRODUCTION TO SUPERVISORY AUTHORITIES
Supervisory authorities are responsible for monitoring compliance with the GDPR and enforcing the regulation through the imposition of administrative fines and other sanctions...
eBOOK ● CHAPTER 18 ● KNOWLEDGE BANK
FREQUENTLY ASKED QUESTIONS
What is a third-party data processor? A company or organisation that processes data on behalf of a data controller. They handle data processing tasks such as storage, hosting, and analysis...
eBOOK ● CHAPTER 17 ● KNOWLEDGE BANK
CONTRACTUAL REQUIREMENTS FOR THIRD-PARTY PROCESSORS (TPPs)
When a company uses a third-party processor to handle personal data on its behalf, it's important to have a contract in place that clearly outlines the responsibilities of both parties. This contract is known as a "processor agreement."...
eBOOK ● CHAPTER 17 ● KNOWLEDGE BANK
SELECTING AND WORKING WITH THIRD-PARTY PAYMENT GATEWAY PROCESSORS
When it comes to accepting payments online, one of the most important decisions a business will make is choosing a third-party processor. A third-party processor, also known as a payment service provider (PSP) or merchant service provider (MSP)...
eBOOK ● CHAPTER 17 ● KNOWLEDGE BANK
SELECTING AND WORKING WITH THIRD-PARTY PROCESSORS
Selecting and working with third-party data processors can be a complex process, as it involves evaluating the capabilities of different companies and determining which one is the best fit for your organization’s needs...
eBOOK ● CHAPTER 17 ● KNOWLEDGE BANK
INTRODUCTION TO THIRD-PARTY PROCESSORS
Third-party processors, also known as data processors, are entities that process personal data on behalf of a data controller. These processors can take many forms, such as cloud providers, marketing firms, payment processors, and other service providers...
eBOOK ● CHAPTER 17 ● KNOWLEDGE BANK
FREQUENTLY ASKED QUESTIONS
What is an international data transfer? An international data transfer refers to the transfer of personal data from a company or organisation in one country to a recipient in another country...
eBOOK ● CHAPTER 16 ● KNOWLEDGE BANK
APPROVED TRANSFER MECHANISMS
Under the GDPR, organisations are generally prohibited from transferring personal data (i.e., any information that relates to an identified or identifiable natural person) outside of the European Union (EU) and European Economic Area (EEA) unless certain conditions are met...
eBOOK ● CHAPTER 16 ● KNOWLEDGE BANK
INTRODUCTION TO THE RESTRICTIONS ON INTERNATIONAL DATA TRANSFERS
International data transfers refer to the movement of personal data outside of the country or region in which it was originally collected. With the increasing reliance on digital technology and the global nature of many businesses, international data transfers are becoming more common...
eBOOK ● CHAPTER 16 ● KNOWLEDGE BANK
10 SCENARIOS ON HOW ROGUE EMPLOYEES CAN EASILY CAUSE COMPANIES TO SUFFER DATA BREACHES
Physical theft of data storage devices such as hard drives or USB drives: A rogue employee may attempt to physically steal data storage devices from the company, potentially by slipping them into their pockets or bags when no one is looking...
eBOOK ● CHAPTER 15 ● KNOWLEDGE BANK
FREQUENTLY ASKED QUESTIONS
What is a data breach? A data breach is a violation of the GDPR that results in the unauthorised access, disclosure, alteration, or destruction of personal data. This can include incidents such as hacking, loss or theft of data, or human error...
eBOOK ● CHAPTER 15 ● KNOWLEDGE BANK
NOTIFICATION REQUIREMENTS FOR DATA BREACHES
Under the GDPR, organisations are required to notify data breaches to the relevant supervisory authority within 72 hours of becoming aware of the breach, unless the breach is unlikely to result in a risk to the rights and freedoms of individuals...
eBOOK ● CHAPTER 15 ● KNOWLEDGE BANK
DETECT, REPORT, AND INVESTIGATE DATA BREACHES
It is important to detect, report, and investigate data breaches because it allows organizations to quickly identify and address security vulnerabilities, protect sensitive information and mitigate the potential harm to affected individuals, and comply with legal and regulatory requirements...
eBOOK ● CHAPTER 15 ● KNOWLEDGE BANK
INTRODUCTION TO DATA BREACHES
A data breach is a security incident in which sensitive, confidential, or protected data is accessed, transmitted, or exposed without the authorization of the data owner or the organisation that is responsible for the data...
eBOOK ● CHAPTER 15 ● KNOWLEDGE BANK
FREQUENTLY ASKED QUESTIONS
What is a Data Subject Access Request (DSAR)? A DSAR is a request made by an individual for access to the personal data that an organisation holds about them. The General Data Protection Regulation (GDPR) gives individuals the right to access their personal data...
eBOOK ● CHAPTER 14 ● KNOWLEDGE BANK
RESPONDING TO DSARs
Responding to Data Subject Access Requests (DSARs) involves several steps to ensure compliance with the General Data Protection Regulation (GDPR) and to meet the individual's request efficiently...
eBOOK ● CHAPTER 14 ● KNOWLEDGE BANK
HOW TO HANDLE DSARs
Handling Data Subject Access Requests (DSARs) involves several steps to ensure compliance with the General Data Protection Regulation (GDPR) and to meet the individual's request efficiently...
eBOOK ● CHAPTER 14 ● KNOWLEDGE BANK
INTRODUCTION TO DSAR
A Data Subject Access Request (DSAR) is a request made by an individual for access to the personal data that an organisation holds about them. This request is an individual's right under the General Data Protection Regulation (GDPR)...
eBOOK ● CHAPTER 14 ● KNOWLEDGE BANK
FREQUENTLY ASKED QUESTIONS
What is a Privacy Notice/Policy? A Privacy Notice/Policy (PNP) is a document that provides information to individuals about how their personal data will be collected, used, and shared by an organisation...
eBOOK ● CHAPTER 13 ● KNOWLEDGE BANK
PROVIDING PNPs TO DATA SUBJECTS
Privacy Notices/Policies should be provided to individuals at the time their personal data is collected and should be easily accessible on the organization’s website or through other means...
eBOOK ● CHAPTER 13 ● KNOWLEDGE BANK
WHAT TO INCLUDE IN A PRIVACY NOTICE/POLICY
Being honest and transparent in setting PNPs is essential for building trust with customers and complying with regulations. However, it is important to be aware of potential pitfalls such as being too vague or using complex language that can make it difficult for individuals to understand their rights...
eBOOK ● CHAPTER 13 ● KNOWLEDGE BANK
INTRODUCTION TO PRIVACY NOTICES/POLICIES
PNPs should be clear, concise, and easy to understand. They should be written in plain language and avoid using legal jargon...
eBOOK ● CHAPTER 13 ● KNOWLEDGE BANK
FREQUENTLY ASKED QUESTIONS
What is a DPR? A DPR is an individual or organisation that has been designated by a controller or processor to represent them in relation to their obligations under the GDPR...
eBOOK ● CHAPTER 12 ● KNOWLEDGE BANK
WHAT TO LOOK FOR IN A DPR
When selecting a data protection representative, it is important to look for individuals or entities that possess the necessary qualifications and skills to perform the role effectively. Some key characteristics to look for in a data protection representative may include...
eBOOK ● CHAPTER 12 ● KNOWLEDGE BANK
HOW TO APPOINT A DPR
If your organisation is required to appoint a data protection representative, there are a few steps you can follow to ensure that the appointment is made in an effective and compliant manner...
eBOOK ● CHAPTER 12 ● KNOWLEDGE BANK
WHEN YOU ARE REQUIRED TO APPOINT A DPR
Non-EU companies are required to appoint a Data Protection Representative (DPR) if they process personal data of individuals located in the European Union and do not have a physical presence within the EU. This is in accordance with GDPR...
eBOOK ● CHAPTER 12 ● KNOWLEDGE BANK
INTRODUCTION TO DPR
The data protection representative is responsible for helping the data controller or processor comply with the GDPR and other relevant data protection laws...
eBOOK ● CHAPTER 12 ● KNOWLEDGE BANK
FREQUENTLY ASKED QUESTIONS
What is a Data Protection Officer (DPO)? A DPO is an individual responsible for monitoring compliance with data protection regulations, such as the General Data Protection Regulation (GDPR) in the European Union...
eBOOK ● CHAPTER 11 ● KNOWLEDGE BANK
WHAT TO LOOK FOR IN A DPO
Finding a good Data Protection Officer (DPO) can be challenging for several reasons. Firstly, DPOs are required to have a high level of expertise in data protection laws and regulations, which can be difficult to find in the job market.
eBOOK ● CHAPTER 11 ● KNOWLEDGE BANK
HOW TO APPOINT A DPO
If your organisation is required to appoint a data protection officer (DPO), ensure that the appointment is made in an effective and compliant manner...
eBOOK ● CHAPTER 11 ● KNOWLEDGE BANK
WHEN YOU ARE REQUIRED TO APPOINT A DPO
When searching for a Data Protection Officer (DPO), you should look for someone who has a thorough understanding of data protection laws and regulations, such as the General Data Protection Regulation (GDPR)...
eBOOK ● CHAPTER 11 ● KNOWLEDGE BANK
INTRODUCTION TO DPO
The role of a DPO is to ensure that the organisation complies with data protection laws and regulations, such as the GDPR...
eBOOK ● CHAPTER 11 ● KNOWLEDGE BANK
FREQUENTLY ASKED QUESTIONS
What is a DPIA? A DPIA is a process designed to help organisations identify and minimize the data protection risks of a project or new processing activity. It involves evaluating the potential impacts on individuals' privacy rights and freedoms...
eBOOK ● CHAPTER 10 ● KNOWLEDGE BANK
THE HIDDEN TRAPS WHEN CONDUCTING A DPIA
When conducting a Data Protection Impact Assessment (DPIA), people may fall into several traps. One common trap is assuming that a DPIA is not necessary because the project or system is similar to something that has been done before...
eBOOK ● CHAPTER 10 ● KNOWLEDGE BANK
HOW TO CONDUCT A DPIA
When conducting a Data Protection Impact Assessment (DPIA), there are several potential pitfalls to watch out for. One pitfall is failing to identify all the personal data that will be collected, processed...
eBOOK ● CHAPTER 10 ● KNOWLEDGE BANK
WHEN TO CONDUCT A DPIA
Data Protection Impact Assessments (DPIAs) are an important tool for organisations that process personal data, as they help to ensure compliance with data protection laws and regulations...
eBOOK ● CHAPTER 10 ● KNOWLEDGE BANK
FREQUENTLY ASKED QUESTIONS
What is data protection by design and by default? Data protection by design and by default refers to the principle that data protection considerations should be built into the development of products...
eBOOK ● CHAPTER 9 ● KNOWLEDGE BANK
APPLYING DATA PROTECTION BY DESIGN AND BY DEFAULT
Data Protection by Design and by Default is an approach to protecting personal data that involves considering data protection at every stage of the design and development process for products and services...
eBOOK ● CHAPTER 9 ● KNOWLEDGE BANK
KEY POINTS AND RISKS TO DATA PROTECTION BY DESIGN AND BY DEFAULT
Data protection by design and by default is a way to incorporate privacy and data protection into the design and default settings of a product, service, or system. It means that privacy is considered from the beginning...
eBOOK ● CHAPTER 9 ● KNOWLEDGE BANK
FREQUENTLY ASKED QUESTIONS
What is a legal basis for processing personal data? A legal basis refers to the specific laws, regulations, or conditions that allow for the collection, use, and storage of personal data...
eBOOK ● CHAPTER 8 ● KNOWLEDGE BANK
CHOOSING THE APPROPRIATE LEGAL BASIS FOR YOUR PROCESSING ACTIVITIES
Under the GDPR, it is important to carefully consider which legal basis applies to your processing activities...
eBOOK ● CHAPTER 8 ● KNOWLEDGE BANK
INTRODUCTION TO THE LEGAL BASES FOR PROCESSING PERSONAL DATA
A legal basis is needed to process personal data in order to protect the privacy and rights of individuals. Processing personal data without a legal basis may be considered a violation of data protection laws and regulations, and may result in legal penalties and fines...
eBOOK ● CHAPTER 8 ● KNOWLEDGE BANK
FREQUENTLY ASKED QUESTIONS
What are data subjects' rights? Data subjects' rights are the rights that individuals have with regard to their personal data, as set out in data protection laws and regulations such as the General Data Protection Regulation...
eBOOK ● CHAPTER 7 ● KNOWLEDGE BANK
HANDLING DATA SUBJECTS’ RIGHTS UNDER GDPR
To handle a DSAR, the first step is to verify the identity of the individual making the request. Once the identity is confirmed, search for and locate all personal data related to the individual...
eBOOK ● CHAPTER 7 ● KNOWLEDGE BANK
DATA SUBJECT RIGHTS OFFERED BY THE GDPR
THE RIGHT TO BE INFORMED: Data subjects have the right to be informed about the collection and use of their personal data...
eBOOK ● CHAPTER 7 ● KNOWLEDGE BANK
RESPONDING TO REQUESTS FROM DATA SUBJECTS
When a data subject (an individual whose personal data is being processed) makes a request to exercise their rights under data protection laws, it is the responsibility of the data controller (the entity that determines the purposes and means of processing personal data)...
eBOOK ● CHAPTER 7 ● KNOWLEDGE BANK
FREQUENTLY ASKED QUESTIONS
What is a data protection policy? A data protection policy is a set of guidelines and procedures that an organisation puts in place to protect the personal data of its employees, customers, and other stakeholders from unauthorised access, use, or disclosure...
eBOOK ● CHAPTER 6 ● KNOWLEDGE BANK
APPOINTING A DATA PROTECTION REPRESENTATIVE (DPR)
An EU data protection representative (DPR) is an individual or organisation designated by a non-EU based company to represent the company in relation to its data protection obligations under the General Data Protection Regulation (GDPR)...
eBOOK ● CHAPTER 6 ● KNOWLEDGE BANK
APPOINTING A DATA PROTECTION OFFICER (DPO)
Appointing a data protection officer (DPO) involves identifying an individual or team who will be responsible for ensuring that your organisation's data protection practices and policies are compliant with data protection laws and regulations, such as GDPR...
eBOOK ● CHAPTER 6 ● KNOWLEDGE BANK
TRAINING EMPLOYEES ON DATA PROTECTION
Training employees on data protection involves providing them with the knowledge and skills they need to handle personal data in accordance with data protection laws and regulations, such as GDPR...
eBOOK ● CHAPTER 6 ● KNOWLEDGE BANK
IMPLEMENTING DATA PROTECTION PROCEDURES
To implement GDPR-compliant data protection procedures, you need to ensure that you have appropriate technical and organisational measures in place to protect personal data. This may include measures such as encryption, access controls...
eBOOK ● CHAPTER 6 ● KNOWLEDGE BANK
DEVELOPING A DATA PROTECTION POLICY
Developing a GDPR-compliant data protection policy involves several key steps. First, you need to assess what personal data you collect, process, and store, and for what purposes...
eBOOK ● CHAPTER 6 ● KNOWLEDGE BANK
FREQUENTLY ASKED QUESTIONS
Why is it important to assess your business's GDPR compliance? Assessing your business's GDPR compliance is important because it helps to ensure that your organisation is complying with the GDPR...
eBOOK ● CHAPTER 5 ● KNOWLEDGE BANK
CONDUCTING A DATA PROTECTION IMPACT ASSESSMENT (DPIA)
A DPIA, or Data Protection Impact Assessment, is a process used to identify and assess the potential risks to the privacy of individuals that may result from a new processing activity, or from significant changes to an existing processing activity...
eBOOK ● CHAPTER 5 ● KNOWLEDGE BANK
ASSESSING YOUR CURRENT DATA PROTECTION POLICIES AND PROCEDURES
Assessing your current data protection policies and procedures means reviewing the policies and procedures that your organisation has in place to protect personal data and ensure that they are effective and comply with relevant laws and guidelines...
eBOOK ● CHAPTER 5 ● KNOWLEDGE BANK
DATA CONTROLLER OR PROCESSOR
A data controller is a person or organisation that determines the purposes and means of processing personal data...
eBOOK ● CHAPTER 5 ● KNOWLEDGE BANK
IDENTIFYING PERSONAL DATA THAT YOU PROCESS
Identifying personal data that your business processes means finding out what types of personal information your business collects, uses, and stores about individuals. Personal data is any information that can be used to identify a specific person...
eBOOK ● CHAPTER 5 ● KNOWLEDGE BANK
FREQUENTLY ASKED QUESTIONS
Upskilling your staff with the GDPR is important because it helps to ensure that your organisation is compliant with the GDPR and that your staff are aware of their responsibilities and obligations under the GDPR...
eBOOK ● CHAPTER 4 ● KNOWLEDGE BANK
BENEFITS TO YOUR BUSINESS
Ensuring that your staff are trained and knowledgeable about GDPR and data protection (a process often referred to as "staff upskilling") can bring numerous benefits to your business...
eBOOK ● CHAPTER 4 ● KNOWLEDGE BANK
UPSKILLING TO GDPR
One important aspect of GDPR compliance is ensuring that your staff are trained and knowledgeable about data protection. This process is often referred to as "staff upskilling...
eBOOK ● CHAPTER 4 ● KNOWLEDGE BANK
DEFINITION OF STAFF UPSKILLING
Staff upskilling refers to the process of helping employees improve their skills and knowledge, often through training and professional development opportunities. This can be beneficial for businesses in a number of ways...
eBOOK ● CHAPTER 4 ● KNOWLEDGE BANK
FREQUENTLY ASKED QUESTIONS
What are the benefits of complying with the GDPR? Complying with the GDPR has a number of benefits for organisations, including...
eBOOK ● CHAPTER 3 ● KNOWLEDGE BANK
THE BENEFITS GDPR BRINGS TO YOUR BUSINESS
The GDPR is a data protection law that applies to the EU and EEA. While the GDPR imposes certain obligations on organisations, it also brings a number of benefits to businesses...
eBOOK ● CHAPTER 3 ● KNOWLEDGE BANK
DEFINITION OF GDPR COMPLIANCE
Compliance refers to the measures that organisations must take in order to comply with the GDPR, a data protection law that applies to the European Union (EU) and European Economic Area (EEA)...
eBOOK ● CHAPTER 3 ● KNOWLEDGE BANK
WHY YOU NEED TO GRASP GDPR TERMINOLOGY
It is important for businesses to grasp GDPR Terminology because the General Data Protection Regulation (GDPR) is a comprehensive data protection law that sets out strict rules for how personal data must be collected, used, and protected...
eBOOK ● CHAPTER 2 ● KNOWLEDGE BANK
DEFINITION OF GDPR TERMINOLOGY
GDPR Terminology refers to the specific terms and concepts used in the General Data Protection Regulation (GDPR), a comprehensive data protection law that applies to all businesses that process the personal data of individuals in the European Union (EU)...
eBOOK ● CHAPTER 2 ● KNOWLEDGE BANK
FREQUENTLY ASKED QUESTIONS
What is the GDPR? The GDPR is a comprehensive data protection law that came into effect on May 25, 2018. It replaces the 1995 EU Data Protection Directive and applies to all organisations that process the personal data of individuals in the European Union (EU), regardless of whether the processing takes place within the EU or not...
eBOOK ● CHAPTER 1 ● KNOWLEDGE BANK
OVERVIEW OF THE MAIN PROVISIONS OF GDPR
The main provisions of the GDPR are designed to give individuals in the EU more control over their personal data and to establish strict rules on how companies can collect, use, and store personal data...
eBOOK ● CHAPTER 1 ● KNOWLEDGE BANK
WHY GDPR IS IMPORTANT FOR BUSINESSES
For businesses, compliance with GDPR is important because non-compliance can result in significant fines. Fines for GDPR violations can range from €10 million to €20 million, or up to 4% of the business's global annual revenue for the previous financial year, whichever is greater...
eBOOK ● CHAPTER 1 ● KNOWLEDGE BANK
BIRTH OF THE GDPR
The GDPR was adopted in April 2016 and became fully enforceable in May 2018. It replaced the 1995 EU Data Protection Directive 95/46/EC and represents a significant strengthening and updating of EU data protection rules...