Everand Logo

Welcome to Everand!

  • Discover millions of ebooks, audiobooks, and so much more with a free trial

    Only $11.99/month after trial. Cancel anytime.

    EU GDPR – An international guide to compliance
    EU GDPR – An international guide to compliance
    EU GDPR – An international guide to compliance
    Ebook92 pages1 hour

    EU GDPR – An international guide to compliance

    By Alan Calder and Alistair (Male Synthesized Voice)

    ()

    Switch to audiobook
    Read preview

    About this ebook

    A clear, concise primer on the GDPR

    The GDPR aims to unify data protection and ease the flow of personal data across the EU. It applies to every organisation in the world that handles EU residents’ personal data.

    While the GDPR is not law in countries outside the EU, it is effectively part of the legislative environment for organisations that do business with the EU. This is enforced through a combination of international trade law and business pressure – after all, a partner in the EU is unlikely to want to risk engaging with a company in the US, Australia or Singapore (or anywhere else) that will put them at risk.

    EU GDPR – An international guide to compliance is the ideal resource for anyone wanting a clear primer on the principles of data protection and their obligations under the GDPR.

    A concise pocket guide, it will help you understand:

    • The terms and definitions used in the GDPR, including explanations;
    • The key requirements of the GDPR, including:
      • Which fines apply to which Articles;
      • The principles that should be applied to any collection and processing of personal data;
      • The Regulation’s applicability;
      • Data subjects’ rights;
      • Data protection impact assessments;
      • The data protection officer role and whether you need one;
      • Data breaches, and notifying supervisory authorities and data subjects; and
      • Obligations for international data transfers.
    • How to comply with the Regulation, including:
      • Understanding your data, and where and how it is used (e.g. Cloud suppliers, physical records);
      • The documentation you must maintain (such as statements of the information you collect and process, records of data subject consent, processes for protecting personal data); and
      • The “appropriate technical and organisational measures” you need to take to ensure compliance with the Regulation.
    • A full index of the Regulation, enabling you to find relevant Articles quickly and easily.

    Supplemental material 

    While most of the EU GDPR’s requirements are broadly unchanged in the UK GDPR, the context is quite different and will have knock-on effects. You may need to update contracts regarding EU–UK data transfers, incorporate standard contractual clauses into existing agreements, and update your policies, processes and procedural documentation as a result of these changes.  

    We have published a supplement that sets out specific extra or amended information for this pocket guide. Click here to download the supplement. 

    About the author

    Alan Calder is the Group CEO of GRC International Group plc, the AIM-listed company that owns IT Governance Ltd. He is an internationally acknowledged cyber security expert, and a leading author on information security and IT governance issues. He co-wrote the definitive compliance guide IT Governance: An International Guide to Data Security and ISO27001/ISO27002, which is the basis for the Open University’s postgraduate course on information security, and has been involved in the development of a wide range of information security management training courses that have been accredited by IBITGQ (International Board for IT Governance Qualifications). Alan has consulted on data security for numerous clients in

    LanguageEnglish
    Publisheritgovernance
    Release dateOct 15, 2020
    ISBN9781787782549
    Author

    Alan Calder

    Alan Calder is a leading author on IT governance and information security issues. He is the CEO of GRC International Group plc, the AIM-listed company that owns IT Governance Ltd. Alan is an acknowledged international cyber security guru. He has been involved in the development of a wide range of information security management training courses that have been accredited by the International Board for IT Governance Qualifications (IBITGQ). He is a frequent media commentator on information security and IT governance issues, and has contributed articles and expert comment to a wide range of trade, national and online news outlets.

    Read more from Alan Calder

    Related to EU GDPR – An international guide to compliance

    Related ebooks

    Computers For You

    View More
    View More

    Related podcast episodes

    Related articles

    • Article

      Data Compliance Checklist

      May 15, 2019

      People had a lot to say about Google’s January AU$80 million fine for breaching the General Data Protection Regulation (GDPR) – and rightly so. It was the first time a tech giant suffered a financial penalty under the GDPR. The fine served as a signa

      3 min read

    • Article

      Cyber Security IS A SHARED RESPONSIBILITY AT THE C-LEVEL

      Sep 21, 2016

      Data breaches can have far-reaching repercussions; protecting against them is a companywide mandate

      2 min read

    • Article

      Will Europe's New Web Privacy Rules Also Bring Global Standards Of Trust?

      May 25, 2018

      The European Union’s General Data Protection Regulation, which goes into effect today, presents an opportunity for technology companies around the globe to reestablish trust with their customers.

      4 min read

    • Article

      Europe’s New Data Privacy Law

      May 16, 2018

      The EU's data collection measures take effect May 25 and will reach beyond the Continent. Here's what you need to know.

      3 min read

    • Article

      “Our Customer Services Rep Called Them A Twerp–can I With Hold This?”

      Dec 8, 2022

      Since the start of the summer, a lucky dip of legal queries has landed on my desk. From subject access requests to restrictive covenants in technology consultancy agreements, and onwards to software development contracts between multiple parties. Dat

      6 min read

    • Article

      Consumer Confidential: This Bill Includes Prison For CEOs Who Fail To Take Consumer Privacy Seriously

      Nov 16, 2018

      It's gotten to the point that there are so many data breaches, people can find it hard to work up a sense of outrage over their privacy being violated again and again and again. The business world is counting on such breach fatigue to keep meaningful

      4 min read

    • Article

      What Is Privacy?

      Nov 21, 2021

      What is privacy? It’s a question I’ve encountered many times in my seven and a half years as New Zealand’s Privacy Commissioner. Many assume it has a narrow meaning: the right to keep everything to yourself; to tell no one anything. But in New Zealan

      6 min read

    • Article

      How To Keep Data Safe

      Feb 3, 2023

      How To Keep Data Safe
      2 min read

    • Article

      Drawing The Digital Curtains

      Jun 25, 2018

      Drawing The Digital Curtains
      8 min read

    • Article

      It’s Time For Action On Privacy

      Jan 28, 2019

      IN 2019, IT’S TIME TO STAND UP FOR THE RIGHT TO privacy—yours, mine, all of ours. Consumers shouldn’t have to tolerate another year of companies irresponsibly amassing huge user profiles, data breaches that seem out of control and the vanishing abili

      2 min read

    • Article

      Cannaprivacy

      Mar 20, 2020

      Cannaprivacy
      4 min read

    • Article

      “I Find Myself Incapable Of Moving Away From My Laptop As I Await Further Updates”

      Mar 9, 2023

      It happened again. I was due to run a training course on international data transfers at the end of November 2022. I had prepared a pack of materials, and took great pride in my new case study, taking delegates through the process for a transfer risk

      6 min read

    • Article

      An American Nod To European Privacy

      Jul 11, 2023

      Each year, Europe and the United States conduct business worth $7.1 trillion across the Atlantic, much of it in digital information. But that bounty has always come with a risk to the privacy of consumers – something that has eluded the two sides for

      2 min read

    • Article

      Protecting Data Now Fully Law

      Sep 4, 2020

      South Africa remains vulnerable to the threat posed by data breaches and has been found to have the highest probability of experiencing it. The recent hack of credit data firm Experian SA, in which the personal information of as many as 24m South Afr

      4 min read

    Related categories

    Reviews for EU GDPR – An international guide to compliance

    0 ratings

    0 ratings0 reviews

    What did you think?

    Tap to rate

    Review must be at least 10 words

      Book preview

      EU GDPR – An international guide to compliance - Alan Calder

      reading

      INTRODUCTION

      Few companies are in favour of further regulation, but it is generally recognised that it has a role to play in keeping industries honest and protecting the populace at large. There is also a lot of opposition to particularly strong regulation, so more heavy-handed laws are often developed incrementally, which conveniently reduces the outcry at any given stage. It’s quite rare for a particularly strong regulation to come about all at once: the European Union’s General Data Protection Regulation (GDPR) is one such beast, however.

      It’s not that the GDPR is unnecessary, nor that any individual requirement is particularly egregious; rather, much of the initial challenge arose because it came along all at once and potentially affected nearly every organisation in the world. The Regulation is so widely applicable, in fact, that there are likely to be legal arguments and discussions over the coming decade to determine the true extent of its powers¹. Since then, the challenge for many organisations has been to maintain compliance in the face of changing economies and the results of various legal cases, which have had some fundamental impacts on how the Regulation should be interpreted and applied.

      The repercussions of failing to comply with the law are not to be sneezed at: organisations found to be in breach of the Regulation can be fined up to €20 million, or four percent of global annual turnover – whichever is greater. Needless to say, there are few companies that would be willing to take a hit of that magnitude when compliance can be achieved much more cheaply.

      Equally, however, the Regulation aims to tread that line between protecting the rights of the individual and removing barriers to the free movement of personal data within the internal market. That is, although the Regulation places limits and restrictions on the use and storage of personal data (sometimes called ‘personally identifiable information’, or PII), it does so in the interests of both keeping the EU at the forefront of the modern information economy while creating a ‘level playing field’ among EU Member States.

      The organisations that appreciate this distinction – and act quickly to resolve issues and to ensure compliance with the Regulation – are those that thrive in an evolving regulatory environment.

      This pocket guide aims to help your organisation thrive under the GDPR wherever you are in the world by providing you with an understanding of the Regulation, the broader principles of data protection, and what the Regulation means for businesses in Europe and beyond.

      There are key terms throughout this book that need to be properly understood to really get to grips with the Regulation. These are defined in chapter 2 – Terms and definitions.

      ¹ There’s more on this in chapter 3 of this guide (The Regulation).

      CHAPTER 1: A BRIEF HISTORY OF DATA PROTECTION

      The common conception of data protection is a very modern notion. We think of digitally stored databases and records, and we understand the importance of protecting them. It’s obvious: digital records have no physical weight and can be mislaid or stolen without removing the original, and it’s easy to comprehend that such a loss could represent an enormous amount of information. This isn’t the way it’s always been, though, and even today information in other formats needs to be protected.

      Possibly the earliest forms of data and privacy protection come from the professions rather than legislation itself. For instance, lawyer-client confidentiality (or legal professional privilege, as it’s called in the UK) is believed to have begun as a sort of contract between a lawyer and their client many decades (and possibly centuries) before it entered into law itself. It was introduced as a way of ensuring that a lawyer could adequately represent their clients’ interests without the client fearing legal repercussions.

      Equally, the keeping of medical records and a doctor’s confidentiality were established decades ago, and, although a court could force those records to be handed over, the medical profession was otherwise expected to keep them relatively safe. Once again, this was something that the profession handled long before the law moved to codify the practice.

      Under these practices, specific silos of personal information were protected according to the interests of the business: if a profession could see the business value in protecting information, it was protected. This has had to change, however, as record keeping shifted from paper to electronics and as the methods for manipulating even small elements of personal information have become more powerful, which puts all this information at risk because it now has a distinct value. Political campaigns, as a reasonably ethical example, have used increasing volumes of data to better target key demographics, define policy, manage candidates’ image and so on. On the other end of the scale, identity theft has become a significant problem that has only become a greater threat with the greater volume of information that is available.

      With regard to the situation in Europe, one of the first legal protections for personal information was codified in Article 8 of the European Convention on Human Rights (ECHR)

      Enjoying the preview?
      Page 1 of 1