GDPR - What the Law Really Requires You to Do
A Tips & Advice Special Report about...
In a nutshell
On 25 May 2018, your company should have been GDPR-compliant. But don't panic – as long as you can show that you're working towards meeting your data protection obligations and have started your preparations, you'll be in the clear.
That’s where our Special Report is invaluable – use it as a checklist to ensure you’re dotting all the Is and crossing all the Ts that apply to your type of business.
Complying with the GDPR needn't be a big deal. You just need to know your obligations and have the correct procedures and documentation in place to comply with them. This easy-to-read report unravels the complexities of the GDPR. It gives clear answers to questions such as:
- What are the conditions for lawfully processing data?
- How do I obtain consent and how long does it last?
- What rights do 'data subjects' have?
- What is a data breach and how should you respond to it?
- How does GDPR affect data sharing and direct marketing?
- Can personal data be transferred outside the UK?
All companies, including yours, are affected by the new GDPR. This Special Report guarantees you won't slip up in your data protection practices and run the risk of a sizeable fine. It allows you to take care of GDPR compliance in a cost-effective and legally safe way.
We've created this Tips & Advice Special Report especially for...
Company owners and everyone working with 'data' in a company that wants to:
- Comply with the GDPR at minimal cost and without running the risk of a sizeable fine
You'll get the following free extras with this Tips & Advice Special Report...
An Online Service with ready-to-use documents
- To immediately apply our advice and solutions in practice
- That you can easily adapt to suit your own requirements
In this Tips & Advice Special Report you'll read about...
Table of contents
1. Why the new legislation?
Background and timing
The Data Protection Bill (DPB)
New e-Privacy Regulation
Is the GDPR overhyped?
Why is the GDPR needed?
Is there much difference from the Data Protection Act (DPA)?
What steps should you be taking now to prepare for the GDPR?
2. Key definitions
What are the objectives?
What is the territorial scope?
What does “goods and services” mean?
What does “monitoring behaviour in the EU” mean?
What is personal data?
What is a data subject?
What is a data controller?
What is a data processor?
What is processing?
What is special category data?
What is a data protection officer and must you appoint one?
3. Key principles
What are the existing principles under the DPA?
First principle. Data must be processed fairly and lawfully
Second principle. Personal data must be obtained only for lawful purposes
Third principle. Data must be adequate, relevant and not excessive
Fourth principle. Data must be accurate and kept up to date
Fifth principle. Data must not be kept longer than necessary
Sixth principle. Data must be processed in accordance with the rights of the data subject
Seventh principle. Appropriate technical and security measures must be in place to prevent unauthorised or unlawful processing, accidental loss of or destruction
or damage to personal data
Eighth principle. Personal data must not be transferred outside the EEA unless that country has adequate levels of protection in place
What are the new principles under the GDPR?
What is the lawfulness, fairness and transparency principle and how do you comply?
What is the purpose limitation principle and how do you comply?
What is the data minimisation principle and how do you comply?
What is the accuracy principle and how do you comply?
What is the storage limitation principle and how do you comply?
What is the integrity and confidential principle and how do you comply?
What does accountability mean?
4. The lawful basis for processing data
What are the six conditions for lawfully processing data?
Which one do you choose?
What is consent and how do you obtain it?
Can consent be withdrawn?
How long does consent last?
When do you need “explicit” consent?
What about children giving consent?
When is it a legitimate interest?
What are the other grounds for legal processing?
5. Data subject rights
What are data subject rights?
What is the right to be informed?
Example privacy notice
What is privacy by design and privacy by default?
Can a data subject access any personal data that you may have about them?
Does a data subject have the right for inaccurate data to be corrected?
Can a data subject ask you to permanently delete all the data you hold on them?
Can a data subject restrict you processing their data?
Can a data subject ask you to send their data to a third party in a commonly used format?
Can a data subject object to processing?
Can a data subject object to significant decisions being made solely by automated means?
Can a data subject claim compensation under the GDPR, and if so, from whom?
6. Data breaches and how to respond and report
What is a data breach?
How can a data breach occur?
What steps should you take to prevent a breach?
When, how and who do you notify if a data breach occurs?
What are the penalties and what enforcement action can be taken?
7. Data sharing and direct marketing
What is data sharing?
Is data sharing allowed?
Does the GDPR affect data sharing?
What is direct marketing?
Example of an opt-in box
How does the GDPR affect direct marketing?
Example suggested privacy notice wording to put on your website if you want to rely on and use legitimate business interests
Can you still use buy-in lists of data for direct marketing purposes under the GDPR?
What’s the current position regarding cookies?
8. Transferring personal data outside the UK
Can data be transferred outside the UK?
Can you transfer personal data outside the EEA?
Does the GDPR change anything?
PAPER + ONLINE SERVICE
Special subscribers' offer
£52.00Only if you already have a subscription
PDF + ONLINE SERVICE
£52.00Only if you already have a subscription