EPILOGUE

In "WE ARE DATA SUBJECTS", author Emin Hasic has expertly navigated the complexities of the General Data Protection Regulation (GDPR) to provide readers with a comprehensive understanding of the regulation and its compliance requirements...

eBOOK | EPILOGUE | KNOWLEDGE BANK

TIPS FOR MAINTAINING GDPR COMPLIANCE

We are delighted to offer a perspective on privacy backed by 3 decades of experience, with an honest and easy-to-understand approach to the GDPR which came into effect in 2018. Great effort has been put in to make the understanding and implementation of GDPR compliance as simple and practical as possible for you...

eBOOK | CHAPTER 27 | KNOWLEDGE BANK

SIMILARITIES BETWEEN THE GDPR, APP and CCPA

The General Data Protection Regulation (GDPR), the Australian Privacy Principles (APPs), and the California Consumer Privacy Act (CCPA) are all data protection regulations that have similarities in terms of the rights and protections they provide to individuals regarding their personal information...

eBOOK | CHAPTER 25 | KNOWLEDGE BANK

BREACHES BY A POLITICIAN

Politicians, like any other controller or processor, may process personal data for a variety of purposes, such as to communicate with constituents, to campaign for elections, or to perform their duties as public officials...

eBOOK | CHAPTER 23 | KNOWLEDGE BANK

BREACHES BY A POLITICAL OFFICE

Political Offices handle a significant amount of personal data of citizens, employees and other parties as part of their daily operations. This can include information such as names, addresses, contact details, and voting history...

eBOOK | CHAPTER 23 | KNOWLEDGE BANK

BREACHES BY A POLITICAL CANDIDATE

Political candidates handle a significant amount of personal data of voters and supporters as part of their campaigns and daily operations. This can include information such as names, addresses, contact details, and voting history...

eBOOK | CHAPTER 23 | KNOWLEDGE BANK

BREACHES BY A MARKETING COMPANY

Marketing companies handle a large amount of personal data of customers and clients as part of their daily operations, such as names, addresses, contact details, and purchase history. This information is often used to create targeted marketing campaigns and to improve customer engagement...

eBOOK | CHAPTER 23 | KNOWLEDGE BANK

BREACHES BY A SOCIAL MEDIA INFLUENCER

Social Media Influencers are individuals who use social media platforms to promote products or services and to connect with a large number of followers. They often handle personal data of their followers, such as their names, contact details, and social media handles...

eBOOK | CHAPTER 23 | KNOWLEDGE BANK

BREACHES BY A JOURNALIST

Journalists are not exempt from the GDPR; however, they can rely on certain provisions of the GDPR that recognise the importance of protecting freedom of expression and the right to information. GDPR allows for the processing of personal data in certain circumstances where...

eBOOK | CHAPTER 23 | KNOWLEDGE BANK

BREACHES BY HUMAN RESOURCES

Human resources professionals, like any other person or organisation, are required to comply with the GDPR when processing the personal data of individuals in the European Union (EU). This means that human resources professionals must ensure that they are respecting the rights...

eBOOK | CHAPTER 23 | KNOWLEDGE BANK

BREACHES BY A COURT JUDGE

Court judges are not exempt from the GDPR, but they may rely on certain provisions of the GDPR that recognize the importance of protecting the administration of justice and the right to a fair trial. GDPR allows for the processing of personal data in certain circumstances where...

eBOOK | CHAPTER 23 | KNOWLEDGE BANK

BREACHES BY A PHARMACY

Pharmacies are not exempt from the GDPR, but like other businesses and organisations, they may be able to rely on certain provisions of the GDPR that allow for the processing of personal data for specific purposes...

eBOOK | CHAPTER 23 | KNOWLEDGE BANK

BREACHES BY A RECEPTIONIST

Receptionists, like any other person or organisation, are required to comply with the GDPR when processing the personal data of individuals in the European Union (EU). This means that receptionists must ensure that they are respecting the rights of individuals with regard to...

eBOOK | CHAPTER 23 | KNOWLEDGE BANK

BREACHES BY A RESTAURANT

Restaurants, like any other person or organisation, are required to comply with the GDPR when processing the personal data of individuals in the European Union (EU). This means that restaurants must ensure that they are respecting the rights of individuals with regard to...

eBOOK | CHAPTER 23 | KNOWLEDGE BANK

BREACHES BY AN ACCOUNTANT

Accountants, like any other person or organisation, are required to comply with the GDPR when processing the personal data of individuals in the European Union (EU). This means that accountants must ensure that they are respecting the rights of individuals with regard to...

eBOOK | CHAPTER 23 | KNOWLEDGE BANK

BREACHES BY A POLICE OFFICER

Police officers are not exempt from the GDPR, but like other businesses and organisations, they may be able to rely on certain provisions of the GDPR that allow for the processing of personal data for specific purposes...

eBOOK | CHAPTER 23 | KNOWLEDGE BANK

BREACHES BY A PUBLIC OFFICIAL

Public officials, like any other person or organisation, are required to comply with the GDPR when processing the personal data of individuals in the European Union (EU). This means that public officials must ensure that they are respecting the rights of individuals with regard to...

eBOOK | CHAPTER 23 | KNOWLEDGE BANK

BREACHES BY A LAWYER

Lawyers are not exempt from the GDPR, but like other businesses and organisations, they may be able to rely on certain provisions of the GDPR that allow for the processing of personal data for specific purposes...

eBOOK | CHAPTER 23 | KNOWLEDGE BANK

BREACHES BY A DOCTOR/DENTIST

Doctors are not exempt from the GDPR, which is a set of regulations for data protection and privacy in the European Union (EU). The GDPR applies to all organisations that process the personal data of individuals within the EU, regardless of whether the organisation is located within the EU or not...

eBOOK | CHAPTER 23 | KNOWLEDGE BANK

BREACHES WHEN WORKING REMOTELY

If an individual is working remotely as an employee of a company that is based within the EU and processes the personal data of individuals within the EU, then the company would be required to comply with the GDPR as a controller or processor of personal data...

eBOOK | CHAPTER 23 | KNOWLEDGE BANK

BREACHES BY A PRIVATE CITIZEN

Private citizens, as individuals, are considered data subjects under the GDPR and are therefore protected by the law. However, as private citizens, they do not have the obligation to comply with the GDPR. Instead, it is the controllers and processors of their personal data who are required to comply with the GDPR when processing their personal data...

eBOOK | CHAPTER 23 | KNOWLEDGE BANK

INTRODUCTION TO GDPR DATA BREACH SCENARIOS

A hospital or medical clinic would need to comply with the GDPR if they process the personal data of individuals within the European Union (EU). Hospitals and medical clinics are not exempt from the GDPR, which is a set of regulations for data protection and privacy in the European Union (EU)...

eBOOK | CHAPTER 23 | KNOWLEDGE BANK

INTRODUCTION TO RECITALS

The GDPR recitals serve as an important tool for understanding and interpreting the regulation's provisions. They provide valuable information about the purpose and intent of the GDPR, as well as how it should be applied in practice...

eBOOK | CHAPTER 22 | KNOWLEDGE BANK

FREQUENTLY ASKED QUESTIONS

What is GDPR and why is it important for organisations to comply? GDPR stands for General Data Protection Regulation, and it is a regulation set by the EU that regulates the handling and processing of personal data of EU citizens...

eBOOK | CHAPTER 20 | KNOWLEDGE BANK

WHOLESALE INDUSTRY

The Wholesale Industry is a sector that includes companies that purchase goods from manufacturers or other wholesalers and resell them to retailers or directly to the end customers. These companies collect and process a wide range of personal data from a variety of sources, including from customers, vendors, and employees...

eBOOK | CHAPTER 19 | KNOWLEDGE BANK

VIRTUAL REALITY INDUSTRY

The Virtual Reality (VR) industry is a rapidly growing field that involves the use of technology to create immersive digital environments that can be experienced through VR headsets and other devices...

eBOOK | CHAPTER 19 | KNOWLEDGE BANK

VIDEO GAMING INDUSTRY

The Video Gaming Industry is a sector that includes companies that develop, publish, and distribute video games for a variety of platforms including consoles, PC, and mobile devices. These companies collect and process a wide range of personal data from a variety of sources, including from players, customers and users...

eBOOK | CHAPTER 19 | KNOWLEDGE BANK

UTILITIES INDUSTRY

The Utility Industry is a sector that includes companies that provide essential services such as electricity, gas, water, and waste management to households and businesses. These companies are responsible for the generation, transmission, and distribution of these services...

eBOOK | CHAPTER 19 | KNOWLEDGE BANK

TELECOMMUNICATIONS INDUSTRY

The Telecommunications Industry is an essential aspect of modern society and plays a critical role in connecting people and businesses around the world. It encompasses a wide range of companies and organisations that provide services such as telephone, internet, and television...

eBOOK | CHAPTER 19 | KNOWLEDGE BANK

TECHNOLOGY INDUSTRY

The Technology Industry is a rapidly growing and constantly evolving field that encompasses a wide range of companies and organisations that develop and utilise various forms of technology...

eBOOK | CHAPTER 19 | KNOWLEDGE BANK

STEEL INDUSTRY

The Steel Industry is a critical sector that produces a wide range of products, including structural steel, rebar, and stainless steel. The industry plays a vital role in the global economy by providing materials for construction, transportation, and other industries...

eBOOK | CHAPTER 19 | KNOWLEDGE BANK

SPORTING INDUSTRY

The Sporting Industry is a multi-billion-dollar industry that encompasses a wide range of sports, teams, leagues, and events. As with any modern business, the sporting industry collects and processes a large amount of personal data from a variety of sources...

eBOOK | CHAPTER 19 | KNOWLEDGE BANK

SPACE INDUSTRY

The Space Industry is a rapidly growing field that encompasses a wide range of activities, including satellite manufacturing and launch services, space exploration and research, and the development and operation of space-based infrastructure and services...

eBOOK | CHAPTER 19 | KNOWLEDGE BANK

SOFTWARE INDUSTRY

The Software Industry is constantly evolving and growing, with new technologies and advancements being made every day. As a result, the industry is constantly collecting and processing a wide range of personal data from customers, employees, suppliers, and third parties...

eBOOK | CHAPTER 19 | KNOWLEDGE BANK

SMART CITIES AND URBAN TECHNOLOGY INDUSTRY

A rapidly growing field that involves the integration of advanced technology into the infrastructure and systems of cities to improve the quality of life for residents and visitors. This includes everything from traffic management and public transportation systems, to energy and water management, to public safety and emergency response...

eBOOK | CHAPTER 19 | KNOWLEDGE BANK

SHARING ECONOMY PLATFORMS INDUSTRY

Also known as the "gig economy," includes companies like Uber, Airbnb, and TaskRabbit, which provide online platforms for individuals to share goods, services, and experiences. The data collected is used for a variety of purposes, such as verifying identities, processing payments, and facilitating transactions...

eBOOK | CHAPTER 19 | KNOWLEDGE BANK

SERVICES INDUSTRY

The Services Industry encompasses a wide range of businesses that provide services to customers, such as consulting, education, finance, healthcare, and legal services. These businesses typically collect a variety of personal data from customers, employees, suppliers, and third parties in order to provide their services and conduct their operations...

eBOOK | CHAPTER 19 | KNOWLEDGE BANK

SCIENTIFIC INDUSTRY

The Scientific Industry is a broad field that encompasses a wide range of industries, including research and development, biotechnology, pharmaceuticals, and more. These companies often conduct research and experimentation in order to develop new products or technologies, and as a result, they often collect and process large amounts of personal data...

eBOOK | CHAPTER 19 | KNOWLEDGE BANK

ROBOTICS AND AUTOMATION INDUSTRY

Involves the development and use of robots and automated systems for various applications such as manufacturing, logistics, healthcare, and transportation. These systems typically collect and process personal data from various sources, including sensors, cameras, and other forms of input...

eBOOK | CHAPTER 19 | KNOWLEDGE BANK

RETAIL INDUSTRY

The retail industry collects and processes a wide range of personal data from customers, employees, and suppliers. This includes data such as names, addresses, contact details, financial data, and purchasing history...

eBOOK | CHAPTER 19 | KNOWLEDGE BANK

REAL ESTATE INDUSTRY

The Real Estate Industry collects and processes a wide range of personal data from a variety of sources, including buyers, sellers, landlords, tenants, and property managers. This can include data such as names, addresses, contact details, financial data, ID numbers, and property data...

eBOOK | CHAPTER 19 | KNOWLEDGE BANK

QUANTUM COMPUTING INDUSTRY

The quantum computing industry is a relatively new field of technology, but it has the potential to revolutionise the way we process and store data. As companies and research institutions work to develop and improve quantum computing systems, they may collect and process personal data from a variety of sources...

eBOOK | CHAPTER 19 | KNOWLEDGE BANK

PUBLISHING INDUSTRY

The Publishing Industry collects and processes a wide range of data from authors, publishers, and readers. This includes personal data such as names, addresses, and contact details, as well as financial data such as bank account details and credit card numbers...

eBOOK | CHAPTER 19 | KNOWLEDGE BANK

PUBLIC TRANSPORT INDUSTRY

The Public Transport industry needs to be GDPR compliant because it often deals with personal data of individuals located in the European Union (EU) such as customers, employees, suppliers, and other stakeholders...

eBOOK | CHAPTER 19 | KNOWLEDGE BANK

PHARMACEUTICAL INDUSTRY

The Pharmaceutical industry needs to be GDPR compliant because it often deals with personal data of individuals located in the European Union (EU) such as patients, employees, suppliers, and other stakeholders...

eBOOK | CHAPTER 19 | KNOWLEDGE BANK

ONLINE EDUCATION AND DISTANCE LEARNING INDUSTRY

Also known as e-learning, encompasses a wide range of educational services and platforms that use technology to deliver educational content and resources to students. This includes everything from online universities and massive open online courses (MOOCs) to corporate training programs and individual tutoring services...

eBOOK | CHAPTER 19 | KNOWLEDGE BANK

OIL AND GAS INDUSTRY

The Oil and Gas Industry needs to be GDPR compliant because it often deals with personal data of individuals located in the European Union (EU) such as employees, customers, suppliers, and other stakeholders...

eBOOK | CHAPTER 19 | KNOWLEDGE BANK

NEWS MEDIA INDUSTRY

The News Media industry needs to be GDPR compliant because it often deals with personal data of individuals located in the European Union (EU) such as customers, employees, sources, and other stakeholders...

eBOOK | CHAPTER 19 | KNOWLEDGE BANK

MUSIC INDUSTRY

The Music industry needs to be GDPR compliant because it often deals with personal data of individuals located in the European Union (EU) such as customers, employees, suppliers, and other stakeholders...

eBOOK | CHAPTER 19 | KNOWLEDGE BANK

MINING INDUSTRY

The Mining industry needs to be GDPR compliant because it often deals with personal data of individuals located in the European Union (EU) such as employees, contractors, suppliers, and other stakeholders...

eBOOK | CHAPTER 19 | KNOWLEDGE BANK

MERCHANDISING INDUSTRY

The Merchandising Industry needs to be GDPR compliant because it often deals with personal data of individuals located in the European Union (EU) such as customers, employees, suppliers, and other stakeholders...

eBOOK | CHAPTER 19 | KNOWLEDGE BANK

MEDIA INDUSTRY

The Media industry needs to be GDPR compliant because it often deals with personal data of individuals located in the European Union (EU) such as customers, employees, suppliers, and other stakeholders...

eBOOK | CHAPTER 19 | KNOWLEDGE BANK

MANUFACTURING INDUSTRY

The Manufacturing industry needs to be GDPR compliant because it often deals with personal data of individuals located in the European Union (EU) such as customers, employees, suppliers, and other stakeholders...

eBOOK | CHAPTER 19 | KNOWLEDGE BANK

LOGISTICS INDUSTRY

The Logistics Industry is a sector that includes companies that provide transportation, warehousing, and logistics services for businesses and individuals. These companies are responsible for the movement of goods and materials from one location to another, as well as the storage and management of inventory...

eBOOK | CHAPTER 19 | KNOWLEDGE BANK

LEISURE INDUSTRY

The Leisure Industry needs to be GDPR compliant because it often deals with personal data of individuals located in the European Union (EU) such as customers, employees, suppliers, and other stakeholders...

eBOOK | CHAPTER 19 | KNOWLEDGE BANK

LEGAL INDUSTRY

The Legal industry needs to be GDPR compliant because it often deals with personal data of individuals located in the European Union (EU) such as clients, employees, suppliers, and other stakeholders...

eBOOK | CHAPTER 19 | KNOWLEDGE BANK

INSURANCE INDUSTRY

The Insurance industry needs to be GDPR compliant because it often deals with personal data of individuals located in the European Union (EU) such as policyholders, claimants, employees, suppliers, and other stakeholders...

eBOOK | CHAPTER 19 | KNOWLEDGE BANK

INFRASTRUCTURE INDUSTRY

The Infrastructure industry needs to be GDPR compliant because it often deals with personal data of individuals located in the European Union (EU) such as customers, employees, suppliers, and other stakeholders...

eBOOK | CHAPTER 19 | KNOWLEDGE BANK

INFORMATION INDUSTRY

The Information Industry needs to be GDPR compliant because it often deals with personal data of individuals located in the European Union (EU) such as customers, employees, suppliers, and other stakeholders...

eBOOK | CHAPTER 19 | KNOWLEDGE BANK

INDUSTRIAL ROBOTICS INDUSTRY

The Industrial Robotics Industry needs to be GDPR compliant because it often deals with personal data of individuals located in the European Union (EU) such as customers, employees, suppliers, and other stakeholders...

eBOOK | CHAPTER 19 | KNOWLEDGE BANK

HOSPITALITY INDUSTRY

The Hospitality industry needs to be GDPR compliant because it often deals with personal data of individuals located in the European Union (EU) such as guests, employees, suppliers, and other stakeholders...

eBOOK | CHAPTER 19 | KNOWLEDGE BANK

HOME SHARING AND CO-LIVING INDUSTRY

Made up of companies that provide platforms for individuals to rent out their homes, apartments, or rooms to guests for short-term stays. These companies also provide co-living spaces, where individuals can rent a room in a shared apartment or house, often with shared common areas and amenities...

eBOOK | CHAPTER 19 | KNOWLEDGE BANK

HEALTHCARE SERVICES INDUSTRY

The Healthcare Services industry needs to be GDPR compliant because it often deals with personal data of individuals located in the European Union (EU) such as patients, employees, suppliers, and other stakeholders...

eBOOK | CHAPTER 19 | KNOWLEDGE BANK

GREEN INDUSTRY

The Green Industry needs to be GDPR compliant because it often deals with personal data of individuals located in the European Union (EU) such as customers, employees, suppliers, and other stakeholders...

eBOOK | CHAPTER 19 | KNOWLEDGE BANK

GAMING AND GAMBLING INDUSTRY

The Gaming and Gambling industry needs to be GDPR compliant because it often deals with personal data of individuals located in the European Union (EU) such as customers, employees, suppliers, and other stakeholders...

eBOOK | CHAPTER 19 | KNOWLEDGE BANK

FORESTRY INDUSTRY

The Forestry industry needs to be GDPR compliant because it often deals with personal data of individuals located in the European Union (EU) such as customers, employees, suppliers, and other stakeholders...

eBOOK | CHAPTER 19 | KNOWLEDGE BANK

FOOD INDUSTRY

The Food industry needs to be GDPR compliant because it often deals with personal data of individuals located in the European Union (EU) such as customers, employees, suppliers, and other stakeholders...

eBOOK | CHAPTER 19 | KNOWLEDGE BANK

FISHING INDUSTRY

The Fishing industry needs to be GDPR compliant because it often deals with personal data of individuals located in the European Union (EU) such as customers, employees, suppliers, and other stakeholders...

eBOOK | CHAPTER 19 | KNOWLEDGE BANK

FINANCIAL INDUSTRY

The Financial Services industry needs to be GDPR compliant because it often deals with personal data of individuals located in the European Union (EU) such as customers, employees, suppliers, and other stakeholders...

eBOOK | CHAPTER 19 | KNOWLEDGE BANK

FILM INDUSTRY

The Film industry needs to be GDPR compliant because it often deals with personal data of individuals located in the European Union (EU) such as customers, employees, suppliers, and other stakeholders...

eBOOK | CHAPTER 19 | KNOWLEDGE BANK

FASHION AND FOOTWEAR INDUSTRY

The Fashion and Footwear industry needs to be GDPR compliant because it often deals with personal data of individuals located in the European Union (EU) such as customers, employees, suppliers, and other stakeholders...

eBOOK | CHAPTER 19 | KNOWLEDGE BANK

FARMING INDUSTRY

The Farming industry needs to be GDPR compliant because it deals with personal data of individuals located in the European Union (EU) such as customers, employees, suppliers, and other stakeholders...

eBOOK | CHAPTER 19 | KNOWLEDGE BANK

ENTERTAINMENT INDUSTRY

The Entertainment industry needs to be GDPR compliant because it often deals with personal data of individuals located in the European Union (EU) such as customers, employees, suppliers, and other stakeholders...

eBOOK | CHAPTER 19 | KNOWLEDGE BANK

ENGINEERING INDUSTRY

The Engineering industry needs to be GDPR compliant because it often deals with personal data of individuals located in the European Union (EU) such as customers, employees, suppliers, and other stakeholders...

eBOOK | CHAPTER 19 | KNOWLEDGE BANK

ENERGY INDUSTRY

The Energy industry needs to be GDPR compliant because it often deals with personal data of individuals located in the European Union (EU) such as customers, employees, suppliers, and other stakeholders...

eBOOK | CHAPTER 19 | KNOWLEDGE BANK

ELECTRONICS INDUSTRY

The Electronics industry needs to be GDPR compliant because it often deals with personal data of individuals located in the European Union (EU) such as customers, employees, suppliers, and other stakeholders...

eBOOK | CHAPTER 19 | KNOWLEDGE BANK

ELECTRIC VEHICLES INDUSTRY

The electric vehicles (EVs) industry is a rapidly growing sector that designs, manufactures, and sells electric vehicles, as well as the components and infrastructure that support them. As a result, the industry collects and processes a wide range of personal data from various sources...

eBOOK | CHAPTER 19 | KNOWLEDGE BANK

ELECTRIC POWER INDUSTRY

The Electric Power industry needs to be GDPR compliant because it often deals with personal data of individuals located in the European Union (EU) such as customers, employees, suppliers, and other stakeholders...

eBOOK | CHAPTER 19 | KNOWLEDGE BANK

EDUCATION INDUSTRY

The Education industry needs to be GDPR compliant because it often deals with personal data of individuals located in the European Union (EU) such as students, employees, suppliers, and other stakeholders...

eBOOK | CHAPTER 19 | KNOWLEDGE BANK

E-COMMERCE AND ONLINE MARKETPLACE INDUSTRY

A highly data-driven industry that relies on the collection and processing of personal data to provide personalised experiences to users and to improve their services. This industry collects and processes personal data from various sources such as customers, sellers, and other third parties...

eBOOK | CHAPTER 19 | KNOWLEDGE BANK

DRONES AND AUTONOMOUS TRANSPORTATION INDUSTRY

The use of unmanned aerial vehicles (UAVs), also known as drones, and autonomous vehicles (AV) for various transportation and logistics applications. This industry includes a wide range of products and services, such as delivery drones, agricultural drones, search and rescue drones, and autonomous cars...

eBOOK | CHAPTER 19 | KNOWLEDGE BANK

DIGITAL HEALTH AND WELLNESS INDUSTRY

The use of technology, such as mobile apps, wearables, and internet-connected devices, to improve and manage health and wellness. This industry includes a wide range of products and services, such as fitness trackers, sleep monitoring devices, telemedicine platforms, and digital mental health tools...

eBOOK | CHAPTER 19 | KNOWLEDGE BANK

DEFENCE INDUSTRY

The Defence industry needs to be GDPR compliant because it often deals with personal data of individuals located in the European Union (EU) such as employees, customers, suppliers, and other stakeholders...

eBOOK | CHAPTER 19 | KNOWLEDGE BANK

CULTURAL INDUSTRY

The cultural industry needs to be GDPR compliant because it often deals with the personal data of individuals located in the European Union (EU) such as employees, customers, suppliers, performers, and other stakeholders...

eBOOK | CHAPTER 19 | KNOWLEDGE BANK

CREATIVE INDUSTRY

The creative industry needs to be GDPR compliant because it often deals with the personal data of individuals located in the European Union (EU) such as employees, customers, suppliers, performers, and other stakeholders...

eBOOK | CHAPTER 19 | KNOWLEDGE BANK

CONSTRUCTION INDUSTRY

The construction industry needs to be GDPR compliant because it often deals with the personal data of individuals located in the European Union (EU) such as employees, customers, suppliers, contractors, and other stakeholders...

eBOOK | CHAPTER 19 | KNOWLEDGE BANK

COMPUTER INDUSTRY

The computer industry needs to be GDPR compliant because it often deals with the personal data of individuals located in the European Union (EU) such as employees, customers, suppliers, and other stakeholders...

eBOOK | CHAPTER 19 | KNOWLEDGE BANK

CHEMICAL INDUSTRY

The chemical industry handles large amounts of personal data, including data of customers, employees, suppliers and other stakeholders, as well as data of individuals who may be affected by the company's operations and products...

eBOOK | CHAPTER 19 | KNOWLEDGE BANK

BLOCKCHAIN AND CRYPTOCURRENCY INDUSTRY

The use of decentralised digital ledgers, known as blockchains, to record and verify transactions. These transactions can include the transfer of digital currencies, such as Bitcoin, as well as the transfer of other assets, such as property and legal documents...

eBOOK | CHAPTER 19 | KNOWLEDGE BANK

BIOMETRICS INDUSTRY

The Biometrics industry needs to be GDPR compliant because it often deals with personal data of individuals located in the European Union (EU) such as employees, customers, suppliers, and other stakeholders...

eBOOK | CHAPTER 19 | KNOWLEDGE BANK

BASIC METALS INDUSTRY

The basic metal industry, like any other industry that handles personal data, needs to be GDPR compliant because it involves the collection, storage, and use of personal data of individuals located in the European Union (EU)...

eBOOK | CHAPTER 19 | KNOWLEDGE BANK

AUTOMOTIVE INDUSTRY

The automotive industry needs to be GDPR compliant because it collects and processes large amounts of personal data of individuals located in the European Union (EU) such as customers, employees, suppliers, and other stakeholders...

eBOOK | CHAPTER 19 | KNOWLEDGE BANK

AUGMENTED REALITY INDUSTRY

The use of technology that enhances or augments a user's perception of the real world. AR technology is used in a wide range of applications, such as gaming, education, and training, and can be delivered through various devices, including smartphones, tablets, and smart glasses...

eBOOK | CHAPTER 19 | KNOWLEDGE BANK

ARTIFICIAL INTELLIGENCE INDUSTRY

The Artificial Intelligence (AI) Industry involves the development and deployment of systems and algorithms that can perform tasks that would typically require human intelligence, such as learning, problem-solving, and decision-making...

eBOOK | CHAPTER 19 | KNOWLEDGE BANK

AGRICULTURAL INDUSTRY

The agricultural industry needs to be GDPR compliant because it often deals with the personal data of individuals located in the European Union (EU) such as employees, customers, suppliers, and other stakeholders...

eBOOK | CHAPTER 19 | KNOWLEDGE BANK

AEROSPACE INDUSTRY

The aerospace industry must comply with GDPR to protect EU individuals' data, such as employee, customer, pilot, and supplier data. This includes sensitive data like employment, financial, location, flight, and personal data...

eBOOK | CHAPTER 19 | KNOWLEDGE BANK

ADVANCED MANUFACTURING AND 4.0 INDUSTRY

The use of technology-driven manufacturing methods that allow for the automation, digitisation, and optimisation of manufacturing processes. This technology-driven approach to manufacturing allows companies to increase efficiency, reduce costs, and improve product quality...

eBOOK | CHAPTER 19 | KNOWLEDGE BANK

INDUSTRY BREAKDOWN

Even with 3 decades of experience, it is difficult to develop a comprehensive strategy to protect against all potential data breaches across all industries, as the risk landscape is constantly changing...

eBOOK | CHAPTER 19 | KNOWLEDGE BANK

INTRODUCTION TO THIRD-PARTY PROCESSORS

Third-party processors, also known as data processors, are entities that process personal data on behalf of a data controller. These processors can take many forms, such as cloud providers, marketing firms, payment processors, and other service providers...

eBOOK | CHAPTER 17 | KNOWLEDGE BANK

APPROVED TRANSFER MECHANISMS

Under the GDPR, organisations are generally prohibited from transferring personal data (i.e., any information that relates to an identified or identifiable natural person) outside of the European Union (EU) and European Economic Area (EEA) unless certain conditions are met...

eBOOK | CHAPTER 16 | KNOWLEDGE BANK

FREQUENTLY ASKED QUESTIONS

What is a data breach? A data breach is a violation of the GDPR that results in the unauthorised access, disclosure, alteration, or destruction of personal data. This can include incidents such as hacking, loss or theft of data, or human error...

eBOOK | CHAPTER 15 | KNOWLEDGE BANK

DETECT, REPORT, AND INVESTIGATE DATA BREACHES

It is important to detect, report, and investigate data breaches because it allows organizations to quickly identify and address security vulnerabilities, protect sensitive information and mitigate the potential harm to affected individuals, and comply with legal and regulatory requirements...

eBOOK | CHAPTER 15 | KNOWLEDGE BANK

INTRODUCTION TO DATA BREACHES

A data breach is a security incident in which sensitive, confidential, or protected data is accessed, transmitted, or exposed without the authorization of the data owner or the organisation that is responsible for the data...

eBOOK | CHAPTER 15 | KNOWLEDGE BANK

FREQUENTLY ASKED QUESTIONS

What is a Data Subject Access Request (DSAR)? A DSAR is a request made by an individual for access to the personal data that an organisation holds about them. The General Data Protection Regulation (GDPR) gives individuals the right to access their personal data...

eBOOKCHAPTER 14  KNOWLEDGE BANK 

RESPONDING TO DSARs

Responding to Data Subject Access Requests (DSARs) involves several steps to ensure compliance with the General Data Protection Regulation (GDPR) and to meet the individual's request efficiently...

eBOOKCHAPTER 14  KNOWLEDGE BANK 

HOW TO HANDLE DSARs

Handling Data Subject Access Requests (DSARs) involves several steps to ensure compliance with the General Data Protection Regulation (GDPR) and to meet the individual's request efficiently...

eBOOKCHAPTER 14  KNOWLEDGE BANK 

INTRODUCTION TO DSAR

A Data Subject Access Request (DSAR) is a request made by an individual for access to the personal data that an organisation holds about them. This request is an individual's right under the General Data Protection Regulation (GDPR)...

eBOOKCHAPTER 14  KNOWLEDGE BANK 

WHAT TO INCLUDE IN A PRIVACY NOTICE/POLICY

Being honest and transparent in setting PNPs is essential for building trust with customers and complying with regulations. However, it is important to be aware of potential pitfalls such as being too vague or using complex language that can make it difficult for individuals to understand their rights...

eBOOKCHAPTER 13  KNOWLEDGE BANK 

WHAT TO LOOK FOR IN A DPR

When selecting a data protection representative, it is important to look for individuals or entities that possess the necessary qualifications and skills to perform the role effectively. Some key characteristics to look for in a data protection representative may include...

eBOOKCHAPTER 12  KNOWLEDGE BANK 

HOW TO APPOINT A DPR

If your organisation is required to appoint a data protection representative, there are a few steps you can follow to ensure that the appointment is made in an effective and compliant manner...

eBOOKCHAPTER 12  KNOWLEDGE BANK 

FREQUENTLY ASKED QUESTIONS

What is a Data Protection Officer (DPO)? A DPO is an individual responsible for monitoring compliance with data protection regulations, such as the General Data Protection Regulation (GDPR) in the European Union...

eBOOKCHAPTER 11  KNOWLEDGE BANK 

WHAT TO LOOK FOR IN A DPO

Finding a good Data Protection Officer (DPO) can be challenging for several reasons. Firstly, DPOs are required to have a high level of expertise in data protection laws and regulations, which can be difficult to find in the job market.

eBOOKCHAPTER 11  KNOWLEDGE BANK 

FREQUENTLY ASKED QUESTIONS

What is a DPIA? A DPIA is a process designed to help organisations identify and minimize the data protection risks of a project or new processing activity. It involves evaluating the potential impacts on individuals' privacy rights and freedoms...

eBOOKCHAPTER 10  KNOWLEDGE BANK 

HOW TO CONDUCT A DPIA

When conducting a Data Protection Impact Assessment (DPIA), there are several potential pitfalls to watch out for. One pitfall is failing to identify all the personal data that will be collected, processed...

eBOOKCHAPTER 10  KNOWLEDGE BANK 

FREQUENTLY ASKED QUESTIONS

What is data protection by design and by default? Data protection by design and by default refers to the principle that data protection considerations should be built into the development of products...

eBOOKCHAPTER 9  KNOWLEDGE BANK 

FREQUENTLY ASKED QUESTIONS

What are data subjects' rights? Data subjects' rights are the rights that individuals have with regard to their personal data, as set out in data protection laws and regulations such as the General Data Protection Regulation...

eBOOKCHAPTER 7  KNOWLEDGE BANK 

RESPONDING TO REQUESTS FROM DATA SUBJECTS

When a data subject (an individual whose personal data is being processed) makes a request to exercise their rights under data protection laws, it is the responsibility of the data controller (the entity that determines the purposes and means of processing personal data)...

eBOOKCHAPTER 7  KNOWLEDGE BANK 

FREQUENTLY ASKED QUESTIONS

What is a data protection policy? A data protection policy is a set of guidelines and procedures that an organisation puts in place to protect the personal data of its employees, customers, and other stakeholders from unauthorised access, use, or disclosure...

eBOOKCHAPTER 6  KNOWLEDGE BANK 

FREQUENTLY ASKED QUESTIONS

Upskilling your staff with the GDPR is important because it helps to ensure that your organisation is compliant with the GDPR and that your staff are aware of their responsibilities and obligations under the GDPR...

eBOOKCHAPTER 4  KNOWLEDGE BANK 

UPSKILLING TO GDPR

One important aspect of GDPR compliance is ensuring that your staff are trained and knowledgeable about data protection. This process is often referred to as "staff upskilling...

eBOOKCHAPTER 4  KNOWLEDGE BANK 

DEFINITION OF STAFF UPSKILLING

Staff upskilling refers to the process of helping employees improve their skills and knowledge, often through training and professional development opportunities. This can be beneficial for businesses in a number of ways...

eBOOKCHAPTER 4  KNOWLEDGE BANK 

DEFINITION OF GDPR TERMINOLOGY

GDPR Terminology refers to the specific terms and concepts used in the General Data Protection Regulation (GDPR), a comprehensive data protection law that applies to all businesses that process the personal data of individuals in the European Union (EU)...

eBOOKCHAPTER 2  KNOWLEDGE BANK 

FREQUENTLY ASKED QUESTIONS

What is the GDPR? The GDPR is a comprehensive data protection law that came into effect on May 25, 2018. It replaces the 1995 EU Data Protection Directive and applies to all organisations that process the personal data of individuals in the European Union (EU), regardless of whether the processing takes place within the EU or not...

eBOOKCHAPTER 1  KNOWLEDGE BANK 

WHY GDPR IS IMPORTANT FOR BUSINESSES

For businesses, compliance with GDPR is important because non-compliance can result in significant fines. Fines for GDPR violations can range from €10 million to €20 million, or up to 4% of the business's global annual revenue for the previous financial year, whichever is greater...

eBOOKCHAPTER 1  KNOWLEDGE BANK 

BIRTH OF THE GDPR

The GDPR was adopted in April 2016 and became fully enforceable in May 2018. It replaced the 1995 EU Data Protection Directive 95/46/EC and represents a significant strengthening and updating of EU data protection rules...

eBOOKCHAPTER 1  KNOWLEDGE BANK