GDPR: A Game of Snakes and Ladders: How Small Businesses Can Win at the Compliance Game [Hardback]

  • Format: Hardback, 252 pages, height x width: 234x156 mm, weight: 526 g, 23 Tables, black and white; 36 Line drawings, black and white; 4 Halftones, black and white; 63 Illustrations, black and white
  • Publication date: 21-Feb-2020
  • Publisher: Routledge
  • ISBN-10: 0367435454
  • ISBN-13: 9780367435455
"For many small businesses, organisations, clubs, artists, faith groups, voluntary organisations/charities, and sole traders applying the General Data Protection Regulation (GDPR) has been like playing a game of "Snakes and Ladders". As soon as you move along the board and climb a ladder a snake appears which takes you right back to where you started. Conflicting advice abounds and there is nowhere for these individuals to go for simple answers all in one place. With the threat of fines, now more than ever is the time for smaller organisations to get to grips with GDPR so that they can demonstrate their compliance. GDPR: A Game of Snakes and Ladders is an easy to read reference tool which uses simple language in bite size easily signposted chapters. Adopting a no-nonsense approach, the Regulations are explained so that organisations can comply with them with the minimum of fuss and deliver compliance in the shortest timeframe without the need to resort to expensive consultants or additional staff. The book is supported by a variety of easy to follow case studies, example documents and fact sheets. The author signposts warnings and important requirements (snakes) and hints and suggestions (ladders) and also provides a section on staff training and a Game of Snakes and Ladders, training slide pack. Additional resources are available on the companion website. This user-friendly book, written by a Data Protection Officer and business management specialist will help you understand the Regulation, where it applies in your organisation and how to achieve compliance (and win at the compliance game)"--

For many small businesses, organisations, clubs, artists, faith groups, voluntary organisations/charities and sole traders, applying the General Data Protection Regulation (GDPR) has been like playing a game of "Snakes and Ladders". As soon as you move along the board and climb a ladder, a snake appears, which takes you right back to where you started. Conflicting advice abounds and there is nowhere for these individuals to go for simple answers all in one place. With the threat of fines seeming around every corner, now more than ever is the time for smaller organisations to get to grips with GDPR so that they can demonstrate their compliance.

GDPR: A Game of Snakes and Ladders is an easy to read reference tool, which uses simple language in bite size easily signposted chapters. Adopting a no-nonsense approach, the Regulation is explained so that organisations can comply with the minimum of fuss and deliver this compliance in the shortest timeframe without the need to resort to expensive consultants or additional staff. The book is supported by a variety of easy to follow case studies, example documents and fact sheets. The author signposts warnings and important requirements (snakes) and hints and suggestions (ladders) and also provides a section on staff training and a Game of Snakes and Ladders training slide pack. Additional resources are available on the companion website.

This user-friendly book, written by a Data Protection Officer and business management specialist, will help you understand the Regulation, where it applies in your organisation and how to achieve compliance (and win at the compliance game).

List of tables
List of figures
List of case studies
List of quotes
Preface

1 What is the General Data Protection Regulation (GDPR)?
  • Basic concept of GDPR
  • Key principles of GDPR
  • The link to previous legislation
  • The European Data Protection Board and national Supervisory Authorities
  • Who has to comply with GDPR?
  • What has GDPR changed?
  • The penalties for Data Breaches
  • GDPR compliance as an ongoing journey
  • What must you do?
  • Appendix 1

2 GDPR terminology
  • GDPR terms - people or entities
  • GDPR terms - types of personal data
  • Key terms - actions
  • GDPR terms - consent
  • GDPR terms - the principles of GDPR
  • GDPR terms - lawful basis
  • GDPR terms - subject rights
  • Appendix 2

3 The GDPR Articles and Recitals
  • The Recitals of GDPR
  • The GDPR Articles explained "in a nutshell"

4 Applying GDPR to your organisation
  • How does GDPR apply to my business?
  • Build awareness
  • Understand the data
  • Communication

5 Data Controllers, Data Processors and the Data Protection Officer
  • Definition of processing
  • Data Controllers
  • Data Processors
  • Security of processing
  • Data Protection Officer (DPO)

6 Analysing what personal data you hold
  • What is personal data?
  • Special categories of information
  • What is processing?
  • What does GDPR mean by identified?
  • Personal data in the case study organisation
  • Deciding what information can be used to identify a person
  • Fill in the personal data grid for your organisation

7 Privacy Policies and Notices
  • Why do I need a Privacy Policy?
  • What information should a privacy document contain?
  • How should privacy information be presented?
  • Deciding what your privacy document includes
  • Benefits of a Privacy Policy
  • The layered approach
  • Creating a Privacy Notice/statement
  • GDPR consent

8 Recording your processing activities
  • Why do I need to map the data?
  • Is a Data Flow Analysis or Data Audit compulsory?
  • How long will it take?
  • Understanding how data flows in an organisation
  • Data Audit
  • Data security
  • Data Protection Impact Assessment (DPIA)
  • Data Subjects' rights

9 Sharing information electronically
  • Email
  • Direct marketing
  • Physical security
  • WhatsApp and Messenger
  • Email security and the data governance policy

10 Data Breaches
  • What is a Data Breach?
  • Reporting a Data Breach
  • Planning how to deal with a breach
  • Staff training

11 Keeping data safe
  • The risks to your data
  • The GDPR data security requirement
  • What does data security mean?
  • Identify data security risks
  • Put in place data security measures
  • Physical security measures
  • Cybersecurity measures
  • Testing your security measures
  • ISO 27001/2:2013
  • Data security terms
  • Keeping yourself "cyber safe"

12 Retaining and deleting data
  • Retaining data
  • Anonymisation
  • Pseudonymisation
  • Deletion
  • The right of erasure
  • Retaining data from dashcams/helmet cams/CCTV

13 An individual's rights under GDPR
  • Providing information to individuals
  • Data Subjects' rights
  • Individual's data access options
  • Subject Access Request
  • Freedom of Information Act
  • Accessing educational and medical records
  • Individuals' rights - exemptions

14 GDPR training
  • The requirement
  • What should the training include?
  • Guidance on handling, retaining, sharing and deleting data
  • Details of how the organisation uses marketing including direct under GDPR
  • Data minimisation
  • Individuals' rights

GDPR resource links
Index

Samantha Alford is an established technical author, instructor and business management specialist and Data Protection Officer. She has over 35 years of experience in compliance, governance and oversight in the public, private and charity sectors. She is a Director and Owner of PPP Management Ltd.