GDPR Part #4- List of resources where this document comes from
The GDPR is a set of rules that collects principles and best practices that have existed for some time. This document lists those principles and best practices and explains how to be compliant with the GDPR, providing concrete checklists and an action plan. It does not substitute for the work of a compliance lawyer or a DPO (Data Protection Officer), whom it is recommended to consult if the company collects and processes PII (Personally Identifiable Information), particularly if that data is sensitive, such as medical records and financial data.
Part #1- Takeaways and Action Plan
Part #2- GDPR user’s rights and checklists
Part #3- Privacy and Security by design and checklists
Part #4- List of resources where this document comes from
NOTE: For quick reference, if you are already familiar with the GDPR, the takeaways and action plan are placed at the beginning in Part #1; jump to Parts #2 and #3 if you want to dive deep into the checklists.
The aim of this document is to: a) give an overview of what the GDPR is; b) clarify concepts that apply to the GDPR and are mostly misunderstood; c) provide a step-by-step guide to creating a self-regulatory framework within your organization.
The target audience is small and medium companies that are starting their business, are still not well informed about the GDPR, and need a guide on how to start dealing with this topic. This document can also be handy for the person responsible for compliance who wants to build up the knowledge base within the organization. Finally, this document is for all the others who are still disoriented and want to know where the GDPR comes from and what its implications are at the technical and business-process level.
References
1 Data protection, privacy and cybersecurity — http://www.nortonrosefulbright.com/uk/our-services/technology-and-innovation/data-protection-privacy-and-cybersecurity/
2 GDPR website — https://www.eugdpr.org/the-regulation.html
3 The Very Strong Business Case for Complying — https://www.entrepreneur.com/article/313221
4 Preparing for the General Data Protection Regulation (GDPR) 12 — https://ico.org.uk/media/for-organisations/guide-to-the-general-data-protection-regulation-gdpr-1-0.pdf
5 Preparing for the General Data Protection Regulation (GDPR) 12 — https://buff.ly/2BTowip
6 General Data Protection Regulation (GDPR) — https://gdpr-info.eu/ ; https://ico.org.uk/media/for-organisations/guide-to-the-general-data-protection-regulation-gdpr-1-0.pdf
7 Privacy by design — https://gdpr-info.eu/issues/privacy-by-design/
8 Privacy by design — https://en.wikipedia.org/wiki/Privacy_by_design
9 Privacy by Design Centre of Excellence (also videos): The Seven Foundational Principles — https://www.ryerson.ca/pbdce/certification/seven-foundational-principles-of-privacy-by-design/
10 Security by design — https://www.logicworks.com/blog/2017/01/what-is-security-by-design/
11 Security by Design Principles — https://www.owasp.org/index.php/Security_by_Design_Principles
12 Guide to general GDPR (Bird & Bird) — local file: Legacy Systems\bird — bird — guide-to-the-general-data-protection-regulation.pdf
13 GDPR Compliance Guide — Blinking Team — https://medium.com/blinking/gdpr-compliance-guide-2071bbed2558
14 Individual rights — https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/
15 GDPR Compliance: The Information & Insights You Need — https://www.isaca.org/info/gdpr/index.html
16 GDPR's Impact in Hospitality, Incorporating NIST Cybersecurity Framework Concepts — http://www.isaca.org/Knowledge-Center/Blog/Lists/Posts/Post.aspx?ID=968&_rsc=31b743cc-b231-4d19-bda4-4bcc642f1906
17 All data types from Michigan University — https://www.safecomputing.umich.edu/dataguide/?q=all-data
18 The blinding identity taxonomy initiative — https://dativa.com/blinding-identity-taxonomy/
19 Making risk management work — https://www.projectmanagement.com/blog-post/19611/Making-risk-management-work---the-final-step
20 Cross-border issues under EU data protection law with regards to personal data protection — https://www.tandfonline.com/doi/full/10.1080/13600834.2017.1330740
21 PSD2 and GDPR — https://www2.deloitte.com/lu/en/pages/banking-and-securities/articles/psd2-gdpr-friends-or-foes.html
22 Lawful basis for processing
23 Data protection impact assessments
24 Why is consent important?
25 Guide to the General Data Protection Regulation. Bird & Bird — https://www.lexology.com/library/detail.aspx?g=fe64fbad-d514-492f-b4b2-2b6b204da0da
26 Regulation versus national law — https://www.twobirds.com/~/media/pdfs/gdpr-pdfs/11--guide-to-the-gdpr--material-and-territorial-scope.pdf?la=en
27 https://www.swsrc.ca/new-resources-page-full-of-information/