What is involved in GDPR
Find out which related areas GDPR connects with, associates with, correlates with or affects, and which require thought, deliberation, analysis, review and discussion. This checklist stands out in the sense that it is not designed per se to give answers, but to engage the reader and lay out a GDPR thinking-frame.
How far is your company on its GDPR journey?
Take this short survey to gauge your organization’s progress toward GDPR leadership. Learn your strongest and weakest areas, and what you can do now to create a strategy that delivers results.
To address the criteria in this checklist for your organization, extensive selected resources are provided for sources of further research and information.
Below you will find a quick checklist designed to help you think about which GDPR related domains to cover and 214 essential critical questions to check off in that domain.
The following domains are covered:
GDPR, Medical privacy, Right to privacy in New Zealand, Council of the European Union, Privacy in English law, Norwegian Data Protection Authority, Personal information management, European Economic Area, NOYB – European Center for Digital Rights, International business, National data protection authorities, Internet privacy, American Civil Liberties Union, Social Science Research Network, Google Spain v AEPD and Mario Costeja González, Privacy International, Global Network Initiative, Data Protection Act, 2012, Identity theft, Information privacy law, Data security, Swedish Data Protection Authority, Privacy law in Denmark, Office of the Australian Information Commissioner, Privacy engineering, Information privacy, Privacy in Australian law, Official Journal of the European Union, Gross regional domestic product, European Parliament Committee on Civil Liberties, Justice and Home Affairs, Personally identifiable information, Article 29 Working Party, European Commission Data Protection Officer, Data Protection Directive, European Digital Rights, Personality rights, European Union Agency for Network and Information Security, Federal Act on Data Protection, Data portability, Mass surveillance, Personal identifier, Spanish Data Protection Agency, Right to privacy, Privacy law, Expectation of privacy, Right to explanation, Article 29 Data Protection Working Party, NIS Directive, Data breach, Privacy-enhancing technologies, Data protection, National data protection authority, Human rights, Future of Privacy Forum, Consumer privacy, GDPR, Privacy Rights Clearinghouse, One-stop shop, Right to be forgotten, European Parliament, Federal Data Protection and Information Commissioner, Information Commissioner’s Office, Electronic Frontier Foundation, National Privacy Commission, Electronic Privacy Information Center, Political privacy, European Union, Computer Professionals for Social Responsibility, Government gazette, Office of the Data Protection Supervisor:
GDPR Critical Criteria:
Study GDPR risks and get going.
– We keep records about our employees, partners and their employees from around the world. Records are stored on servers in the USA using SAP and Microsoft Cloud (not sure where these MS Cloud servers are located). What are our duties to protect data when servers are out of our reach?
– In the event of an investigation, a business's internal discussions will be relevant, as well as these external objective factors. Does the business envisage the offering of services to individuals in the Union?
– If our GDPR management is conducted by an external company, who would be fined in the event of a personal data leak? Is the responsibility borne by us, or can it be contractually transferred to the provider?
– After GDPR comes into force, can we continue declaring that papers and identifiers which a candidate has provided us with for the purpose of the selection procedure will not be returned?
– Is the right to be forgotten absolute? If a customer orders goods, and I need his information to complete the order, do I have to delete that information upon request?
– GDPR states that processing personal data on a large scale triggers the designation of a DPO. How is large scale defined? Is there a certain amount of data specified?
– Disclosure of names/salaries by Court of Auditors in report to Parliament; necessary also to disclose to general public?
– Would you be able to notify a data protection supervisory authority of a data breach within 72 hours?
– Data subjects can demand that their data be deleted; do you have a process for this when asked?
– Does the GDPR also apply when personal data are processed outside the EU?
– Does a video surveillance solution for public places come under GDPR?
– What is Personal Data or Personally Identifiable Information (PII)?
– Does the GDPR also apply if I use pseudonymous or encoded data?
– What happens when personal data is breached under the GDPR?
– Will we need to certify compliance by certification bodies?
– What qualifications does the data protection officer need?
– What will the data protection reform do for citizens?
– New security obligations optional or not?
– Rely on implicit consent?
– How do we do it?
Medical privacy Critical Criteria:
Consider Medical privacy goals and optimize Medical privacy leadership as a key to advancement.
– How can we incorporate support to ensure safe and effective use of GDPR into the services that we provide?
– Does GDPR analysis isolate the fundamental causes of problems?
– How will you know that the GDPR project has been successful?
Right to privacy in New Zealand Critical Criteria:
Survey Right to privacy in New Zealand tasks and triple focus on important concepts of Right to privacy in New Zealand relationship management.
– What are your key performance measures or indicators and in-process measures for the control and improvement of your GDPR processes?
– What other organizational variables, such as reward systems or communication systems, affect the performance of this GDPR process?
– Are there GDPR problems defined?
Council of the European Union Critical Criteria:
Revitalize Council of the European Union issues and remodel and develop an effective Council of the European Union strategy.
– How likely is the current GDPR plan to come in on schedule or on budget?
– Who will be responsible for documenting the GDPR requirements in detail?
– How do we lead with GDPR in mind?
Privacy in English law Critical Criteria:
Devise Privacy in English law issues and pay attention to the small things.
– What other jobs or tasks affect the performance of the steps in the GDPR process?
– What are the usability implications of GDPR actions?
– How can the value of GDPR be defined?
Norwegian Data Protection Authority Critical Criteria:
Weigh in on Norwegian Data Protection Authority decisions and know what your objective is.
– Who is responsible for ensuring appropriate resources (time, people and money) are allocated to GDPR?
– Have you identified your GDPR key performance indicators?
Personal information management Critical Criteria:
Judge Personal information management outcomes and get out your magnifying glass.
– What are your results for key measures or indicators of the accomplishment of your GDPR strategy and action plans, including building and strengthening core competencies?
– How do we Identify specific GDPR investment and emerging trends?
European Economic Area Critical Criteria:
Do a round table on European Economic Area decisions and integrate design thinking in European Economic Area innovation.
– Meeting the challenge: are missed GDPR opportunities costing us money?
NOYB – European Center for Digital Rights Critical Criteria:
Start NOYB – European Center for Digital Rights tactics and customize techniques for implementing NOYB – European Center for Digital Rights controls.
– Does GDPR create potential expectations in other areas that need to be recognized and considered?
– Which individuals, teams or departments will be involved in GDPR?
– Which GDPR goals are the most important?
International business Critical Criteria:
Powwow over International business tactics and learn.
– What are the top 3 things at the forefront of our GDPR agendas for the next 3 years?
– Who are the people involved in developing and implementing GDPR?
– Do GDPR rules make a reasonable demand on a user's capabilities?
– Organizational structure for international business?
National data protection authorities Critical Criteria:
Track National data protection authorities management and revise understanding of National data protection authorities architectures.
– In the case of a GDPR project, the criteria for the audit derive from implementation objectives. An audit of a GDPR project involves assessing whether the recommendations outlined for implementation have been met. In other words, can we track that any GDPR project is implemented as planned, and is it working?
– What are our best practices for minimizing GDPR project risk, while demonstrating incremental value and quick wins throughout the GDPR project lifecycle?
– What is our formula for success in GDPR?
Internet privacy Critical Criteria:
Wrangle Internet privacy adoptions and point out Internet privacy tensions in leadership.
– How do we maintain GDPR's integrity?
American Civil Liberties Union Critical Criteria:
Think carefully about American Civil Liberties Union tactics and differentiate in coordinating American Civil Liberties Union.
– What role does communication play in the success or failure of a GDPR project?
– Can Management personnel recognize the monetary benefit of GDPR?
– What are the Key enablers to make this GDPR move?
Social Science Research Network Critical Criteria:
Deliberate over Social Science Research Network failures and intervene in Social Science Research Network processes and leadership.
– A compounding model resolution with available relevant data can often provide insight towards a solution methodology; which GDPR models, tools and techniques are necessary?
– How important is GDPR to the user organization's mission?
– What is our GDPR Strategy?
Google Spain v AEPD and Mario Costeja González Critical Criteria:
Air ideas re Google Spain v AEPD and Mario Costeja González decisions and adjust implementation of Google Spain v AEPD and Mario Costeja González.
– Can we add value to the current GDPR decision-making process (largely qualitative) by incorporating uncertainty modeling (more quantitative)?
Privacy International Critical Criteria:
Ventilate your thoughts about Privacy International governance and oversee Privacy International management by competencies.
– Think of your GDPR project. What are the main functions?
– What threat is GDPR addressing?
Global Network Initiative Critical Criteria:
Look at Global Network Initiative governance and acquire concise Global Network Initiative education.
– What is the purpose of GDPR in relation to the mission?
– What are the long-term GDPR goals?
– What will drive GDPR change?
Data Protection Act, 2012 Critical Criteria:
Study Data Protection Act, 2012 tactics and develop and take control of the Data Protection Act, 2012 initiative.
– Do you monitor the effectiveness of your GDPR activities?
– What are current GDPR Paradigms?
Identity theft Critical Criteria:
Boost Identity theft tasks and visualize why people should listen to you regarding Identity theft.
– Identity theft could also be an inside job. Employees at big companies that host e-mail services have physical access to e-mail accounts. How do you know nobody's reading it?
– How can you negotiate GDPR successfully with a stubborn boss, an irate client, or a deceitful coworker?
– What are the barriers to increased GDPR production?
Information privacy law Critical Criteria:
Generalize Information privacy law results and work towards being a leading Information privacy law expert.
– Do those selected for the GDPR team have a good general understanding of what GDPR is all about?
– What is the source of the strategies for GDPR strengthening and reform?
– Who will provide the final approval of GDPR deliverables?
Data security Critical Criteria:
Look at Data security management and catalog Data security activities.
– Does the cloud solution offer equal or greater data security capabilities than those provided by your organization's data center?
– What are the minimum data security requirements for a database containing personal financial transaction records?
– Do these concerns about data security negate the value of storage-as-a-service in the cloud?
– What are the challenges related to cloud computing data security?
– So, what should you do to mitigate these risks to data security?
– How do we go about Comparing GDPR approaches/solutions?
– Does it contain data security obligations?
– What is Data Security at Physical Layer?
– What is Data Security at Network Layer?
– What are internal and external GDPR relations?
– How will you manage data security?
– Is a GDPR Team Work effort in place?
Swedish Data Protection Authority Critical Criteria:
Adapt Swedish Data Protection Authority visions and overcome Swedish Data Protection Authority skills and management ineffectiveness.
– What are your current levels and trends in key measures or indicators of GDPR product and process performance that are important to and directly serve your customers? How do these results compare with the performance of your competitors and other organizations with similar offerings?
– What may be the consequences for the performance of an organization if all stakeholders are not consulted regarding GDPR?
– When a GDPR manager recognizes a problem, what options are available?
Privacy law in Denmark Critical Criteria:
Communicate about Privacy law in Denmark goals and overcome Privacy law in Denmark skills and management ineffectiveness.
– What are the record-keeping requirements of GDPR activities?
– How can we improve GDPR?
Office of the Australian Information Commissioner Critical Criteria:
Check Office of the Australian Information Commissioner failures and oversee implementation of Office of the Australian Information Commissioner.
– Are there recognized GDPR problems?
Privacy engineering Critical Criteria:
Communicate about Privacy engineering planning and slay a dragon.
– Is the GDPR organization completing tasks effectively and efficiently?
– How can skill-level changes improve GDPR?
Information privacy Critical Criteria:
Wrangle Information privacy outcomes and frame using storytelling to create more compelling Information privacy projects.
– Do we cover the five essential competencies (Communication, Collaboration, Innovation, Adaptability, and Leadership) that improve an organization's ability to leverage the new GDPR in a volatile global economy?
– Who will be responsible for making the decisions to include or exclude requested changes once GDPR is underway?
– Who will be responsible for deciding whether GDPR goes ahead or not after the initial investigations?
Privacy in Australian law Critical Criteria:
Communicate about Privacy in Australian law outcomes and look at it backwards.
– How do you incorporate cycle time, productivity, cost control, and other efficiency and effectiveness factors into these GDPR processes?
– What vendors make products that address the GDPR needs?
Official Journal of the European Union Critical Criteria:
Explore Official Journal of the European Union management and know what your objective is.
– For your GDPR project, identify and describe the business environment. Is there more than one layer to the business environment?
– Will GDPR have an impact on current business continuity, disaster recovery processes and/or infrastructure?
Gross regional domestic product Critical Criteria:
Review Gross regional domestic product tactics and drive action.
– Think about the functions involved in your GDPR project. What processes flow from these functions?
European Parliament Committee on Civil Liberties, Justice and Home Affairs Critical Criteria:
Have a round table over European Parliament Committee on Civil Liberties, Justice and Home Affairs tactics and customize techniques for implementing European Parliament Committee on Civil Liberties, Justice and Home Affairs controls.
– Do several people in different organizational units assist with the GDPR process?
Personally identifiable information Critical Criteria:
Face Personally identifiable information issues and work towards being a leading Personally identifiable information expert.
– When sharing data, are appropriate procedures, such as sharing agreements, put in place to ensure that any Personally identifiable information remains strictly confidential and protected from unauthorized disclosure?
– Does the company collect personally identifiable information electronically?
– How do mission and objectives affect the GDPR processes of our organization?
– Have the types of risks that may impact GDPR been identified and analyzed?
Article 29 Working Party Critical Criteria:
Consolidate Article 29 Working Party tactics and work towards being a leading Article 29 Working Party expert.
– Does GDPR analysis show the relationships among important GDPR factors?
European Commission Data Protection Officer Critical Criteria:
Conceptualize European Commission Data Protection Officer outcomes and catalog what business benefits will European Commission Data Protection Officer goals deliver if achieved.
– Record-keeping requirements flow from the records needed as inputs, outputs, controls and for transformation of a GDPR process. Ask yourself: are the records needed as inputs to the GDPR process available?
– Think about the kind of project structure that would be appropriate for your GDPR project. Should it be formal and complex, or can it be less formal and relatively simple?
Data Protection Directive Critical Criteria:
Test Data Protection Directive tactics and acquire concise Data Protection Directive education.
– Do we have past GDPR Successes?
European Digital Rights Critical Criteria:
Pay attention to European Digital Rights adoptions and describe the risks of European Digital Rights sustainability.
– Does GDPR appropriately measure and monitor risk?
Personality rights Critical Criteria:
Mine Personality rights risks and spearhead techniques for implementing Personality rights.
– Does GDPR include applications and information with regulatory compliance significance (or other contractual conditions that must be formally complied with) in a new or unique manner for which no approved security requirements, templates or design models exist?
– How can you measure GDPR in a systematic way?
European Union Agency for Network and Information Security Critical Criteria:
Analyze European Union Agency for Network and Information Security failures and point out improvements in European Union Agency for Network and Information Security.
– How do senior leaders' actions reflect a commitment to the organization's GDPR values?
Federal Act on Data Protection Critical Criteria:
Read up on Federal Act on Data Protection visions and find answers.
– What are all of our GDPR domains and what do they do?
Data portability Critical Criteria:
Reconstruct Data portability failures and pay attention to the small things.
– Do you know how you will comply with the new rights: the right to be forgotten, the right to data portability and the right to object to profiling?
– The right to data portability is complimentary – is a bank obliged to provide me with information free of charge?
– Do we all define GDPR in the same way?
Mass surveillance Critical Criteria:
Illustrate Mass surveillance outcomes and simulate teachings and consultations on quality process improvement of Mass surveillance.
Personal identifier Critical Criteria:
Consolidate Personal identifier goals and reinforce and communicate particularly sensitive Personal identifier decisions.
– Why are GDPR skills important?
Spanish Data Protection Agency Critical Criteria:
Have a session on Spanish Data Protection Agency issues and describe which business rules are needed as Spanish Data Protection Agency interface.
Right to privacy Critical Criteria:
Own Right to privacy tasks and transcribe Right to privacy as tomorrow's backbone for success.
– Who is the main stakeholder, with ultimate responsibility for driving GDPR forward?
Privacy law Critical Criteria:
Cut a stake in Privacy law engagements and simulate teachings and consultations on quality process improvement of Privacy law.
– Have you considered what measures you will need to implement to ensure that the cloud provider complies with all applicable federal, state, and local privacy laws, including FERPA?
– What management system can we use to leverage the GDPR experience, ideas, and concerns of the people closest to the work to be done?
– Do you conduct an annual privacy assessment to ensure that you are in compliance with privacy laws and regulations?
Expectation of privacy Critical Criteria:
See the value of Expectation of privacy tasks and cater for concise Expectation of privacy education.
– What is the best design framework for GDPR organization now that, in a post-industrial age, the top-down, command and control model is no longer relevant?
Right to explanation Critical Criteria:
Value Right to explanation planning and drive action.
– Do we aggressively reward and promote the people who have the biggest impact on creating excellent GDPR services/products?
– What tools do you use once you have decided on a GDPR strategy and more importantly how do you choose?
– What are our GDPR Processes?
Article 29 Data Protection Working Party Critical Criteria:
Infer Article 29 Data Protection Working Party goals and finalize specific methods for Article 29 Data Protection Working Party acceptance.
NIS Directive Critical Criteria:
Bootstrap NIS Directive engagements and create a map for yourself.
– Marketing budgets are tighter, consumers are more skeptical, and social media has changed forever the way we talk about GDPR. How do we gain traction?
– What are the disruptive GDPR technologies that enable our organization to radically change our business processes?
Data breach Critical Criteria:
Contribute to Data breach risks and correct better engagement with Data breach results.
– One day, you may be the victim of a data breach and need to answer questions from customers and the press immediately. Are you ready for each possible scenario? Have you decided on a communication plan that reduces the impact on your support team while giving the most accurate information to the data subjects? Who is your company spokesperson and will you be ready even if the breach becomes public out of usual office hours?
– Have policies and procedures been established to ensure the continuity of data services in an event of a data breach, loss, or other disaster (this includes a disaster recovery plan)?
– What staging or emergency preparation for a data breach or E-Discovery could be established ahead of time to prepare or mitigate a data breach?
– Data breach notification: what to do when your personal data has been breached?
– Are we making progress? And are we making progress as GDPR leaders?
– Do you have a communication plan ready to go after a data breach?
– How does the GDPR affect policy surrounding data breaches?
– Are you sure you can detect data breaches?
– Who is responsible for a data breach?
– What are specific GDPR Rules to follow?
Privacy-enhancing technologies Critical Criteria:
Discuss Privacy-enhancing technologies visions and define what we need to start doing with Privacy-enhancing technologies.
Data protection Critical Criteria:
Air ideas re Data protection planning and devise Data protection key steps.
– Privacy should not be an afterthought, a bolt-on sometime between the initial coding and delivery of a new system. It should be designed in from the start, peer-reviewed and tested, and the data controller needs to be able to show that adequate security is in place, that it is monitored, and that the strictest data protection policies will apply by default. If you design your own custom apps, are these the standards you work to? When deploying purchased systems, is privacy set at its tightest by default?
– You do not want to be informed of a data loss incident from the users themselves or from the data protection authority. Do you have technology that can detect breaches that have taken place, forensics available to investigate how the data was lost (or changed), and can you go back in time with full user logs and identify the incident to understand its scope and impact?
– We keep records of data and store them in cloud services, for example Google Suite. There are data protection tools provided and security rules can be set. But who has the responsibility for securing them – us or Google?
– Do you see the need to support the development and implementation of technical solutions that are enhancing data protection by design and by default?
– What are the data protection mechanisms to control access to data from external sources that temporarily have internal residence?
– Do you have a data protection programme and are you able to provide evidence of how you comply with the requirements of the GDPR?
– Do you design data protection and privacy requirements into the development of your business processes and new systems?
– What ITIL best practices, security and data protection standards and guidelines are in use by the cloud service provider?
– What are the data protection mechanisms to protect data from unauthorized external access?
– Can I dismiss someone once they become my data protection officer?
– Does my business need to appoint a Data Protection Officer (DPO)?
– What is the role of a Data Protection Officer under the GDPR?
– Does the GDPR set up a central EU data protection authority?
– Do we have Data Protection Service Level Agreements?
– When must you appoint a data protection officer?
– What is Data Protection?
National data protection authority Critical Criteria:
Grade National data protection authority strategies and attract National data protection authority skills.
– Risk factors: what are the characteristics of GDPR that make it risky?
– How does the organization define, manage, and improve its GDPR processes?
– Who needs to know about GDPR?
Human rights Critical Criteria:
Infer Human rights issues and shift your focus.
– Does the GDPR task fit the client's priorities?
– Are there GDPR Models?
Future of Privacy Forum Critical Criteria:
Analyze Future of Privacy Forum projects and display thorough understanding of the Future of Privacy Forum process.
– In what ways are GDPR vendors and us interacting to ensure safe and effective use?
– How do we make it meaningful in connecting GDPR with what users do day-to-day?
Consumer privacy Critical Criteria:
Demonstrate Consumer privacy governance and modify and define the unique characteristics of interactive Consumer privacy projects.
– Are there any disadvantages to implementing GDPR? There might be some that are less obvious?
GDPR Critical Criteria:
Think carefully about GDPR outcomes and diversify by understanding risks and leveraging GDPR.
– The GDPR provides users (data subjects) with the right to demand that data controllers (the organizations holding the data) provide their data back to them in machine-readable form. Are you ready to respond to requests, to collect together all data from all sources on the individuals, and deliver it back?
– What about personal data I want to transfer outside the EU or to international organizations?
– I have used Commission approved Model Contracts for years. Will I have to renegotiate them?
– What channels will you make available for a withdrawal of consent?
– Is there an (absolute) right to be forgotten under existing law?
– Do you have a process to provide data to individuals who ask?
– Does senior management understand the importance of GDPR?
– Will the GDPR restrict profiling of data subjects?
– What do you need to do to prepare for the GDPR?
– What about Data Subjects under the age of 16?
– What happens if someone withdraws consent?
– Are you transferring data overseas?
– When will it come into force?
– What policies do I need?
– Do I have to comply?
– Are you ready?
Privacy Rights Clearinghouse Critical Criteria:
Start Privacy Rights Clearinghouse issues and create Privacy Rights Clearinghouse explanations for all managers.
– What prevents me from making the changes I know will make me a more effective GDPR leader?
One-stop shop Critical Criteria:
See the value of One-stop shop strategies and suggest using storytelling to create more compelling One-stop shop projects.
– How do we Improve GDPR service perception, and satisfaction?
– Is there any existing GDPR governance structure?
Right to be forgotten Critical Criteria:
Pilot Right to be forgotten visions and summarize a clear Right to be forgotten focus.
– How far into the backup and archive history do the right to be forgotten requirements apply?
European Parliament Critical Criteria:
Deliberate over European Parliament engagements and optimize European Parliament leadership as a key to advancement.
– Do we monitor the GDPR decisions made and fine tune them as they evolve?
– Why is GDPR important for you now?
Federal Data Protection and Information Commissioner Critical Criteria:
Track Federal Data Protection and Information Commissioner decisions and acquire concise Federal Data Protection and Information Commissioner education.
– How do you determine the key elements that affect GDPR workforce satisfaction? How are these elements determined for different workforce groups and segments?
– Why is it important to have senior management support for a GDPR project?
– How do we keep improving GDPR?
Information Commissioner’s Office Critical Criteria:
Mine Information Commissioner’s Office adoptions and remodel and develop an effective Information Commissioner’s Office strategy.
– How much does GDPR help?
Electronic Frontier Foundation Critical Criteria:
Have a session on Electronic Frontier Foundation strategies and get answers.
– How do your measurements capture actionable GDPR information for use in exceeding your customers' expectations and securing your customers' engagement?
National Privacy Commission Critical Criteria:
Conceptualize National Privacy Commission strategies and clarify ways to gain access to competitive National Privacy Commission services.
– Are assumptions made in GDPR stated explicitly?
Electronic Privacy Information Center Critical Criteria:
See the value of Electronic Privacy Information Center adoptions and observe effective Electronic Privacy Information Center.
Political privacy Critical Criteria:
Derive from Political privacy strategies and pioneer acquisition of Political privacy systems.
European Union Critical Criteria:
Nurse European Union issues and get the big picture.
– Can we do GDPR without complex (expensive) analysis?
Computer Professionals for Social Responsibility Critical Criteria:
Study Computer Professionals for Social Responsibility strategies and get out your magnifying glass.
– How would one define GDPR leadership?
Government gazette Critical Criteria:
Detail Government gazette projects and create Government gazette explanations for all managers.
– What sources do you use to gather information for a GDPR study?
Office of the Data Protection Supervisor Critical Criteria:
Familiarize yourself with Office of the Data Protection Supervisor goals and triple focus on important concepts of Office of the Data Protection Supervisor relationship management.
– In a project to restructure GDPR outcomes, which stakeholders would you involve?
This quick readiness checklist is a selected resource to help you move forward. Learn more about how to achieve comprehensive insights with the GDPR Self Assessment:
Author: Gerard Blokdijk
CEO at The Art of Service | http://theartofservice.com
Gerard is the CEO at The Art of Service. He has been providing information technology insights, talks, tools and products to organizations in a wide range of industries for over 25 years. Gerard is a widely recognized and respected information expert. Gerard founded The Art of Service consulting business in 2000. Gerard has authored numerous published books to date.
To address the criteria in this checklist, these selected resources are provided for sources of further research and information:
GDPR External links:
Salesforce GDPR Compliance Page – Salesforce.com
General Data Protection Regulation (GDPR) – microsoft.com
GDPR Compliance Checklist | HubSpot
Medical privacy External links:
Medical Privacy – Workplace Fairness
Right to privacy in New Zealand External links:
Right to privacy in New Zealand – WOW.com
Right to privacy in New Zealand – pediaview.com
Council of the European Union External links:
[PDF]Council of the European Union (OR. en) 15966/17 …
Council of the European Union – Posts | Facebook
Privacy in English law External links:
The Right to Privacy in English Law
Norwegian Data Protection Authority External links:
CCIS | The Norwegian Data Protection Authority
Norwegian Data Protection Authority – WOW.com
Personal information management External links:
Consentric | One Place for Personal Information Management
European Economic Area External links:
[PDF]For Residents of the European Economic Area Countries
GDPR – European Economic Area | Littler Mendelson P.C.
International business External links:
2018 INTERNATIONAL BUSINESS FESTIVAL
International Business School the Hague
International business consists of trades and transactions at a global level. These include the trade of goods, services, technology, capital and/or knowledge. It involves cross-border transactions of goods and services between two or more countries. Transactions of economic resources include capital, skills, and people for the purpose of the international production of physical goods and services such as finance, banking, insurance, and construction. International business is also known as globalization. Globalization refers to the international trade between countries, which in turn refers to the tendency of international trade, investments, information technology and outsourced manufacturing to weave the economies of diverse countries together. To conduct business overseas, multinational companies need to separate national markets into one global marketplace. In essence there are two macro factors that underline the trend of greater globalization. The first macro-factor consists of eliminating barriers to make cross-border trade easier, such as the free flow of goods and services, and capital. The second macro-factor is technological change, particularly developments in communication, information processing, …
National data protection authorities External links:
[PDF]National Data Protection Authorities Austria – ec.europa.eu
Internet privacy External links:
Internet Privacy | Computer Privacy | Microsoft Privacy
American Civil Liberties Union External links:
File a Complaint | American Civil Liberties Union
ACLU Official Store | American Civil Liberties Union
Social Science Research Network External links:
Social Science Research Network – law360.com
Law and Social Science Research Network – LASSnet
Google Spain v AEPD and Mario Costeja González External links:
Google Spain v AEPD and Mario Costeja González
Google Spain v AEPD and Mario Costeja González – WOW.com
Privacy International External links:
PI Privacy International
Yahoo Privacy International
Global Network Initiative External links:
Global Network Initiative | HuffPost
https://www.huffingtonpost.com/topic/Global Network Initiative
Global Network Initiative | Berkman Klein Center
Global Network Initiative – Home | Facebook
Identity theft External links:
Identity Theft | Consumer Information
[PDF]Identity Theft and Your Social Security Number
Land Title: Identity Theft
Information privacy law External links:
The Textbooks – Information Privacy Law
Data security External links:
FedEx Data Security Upgrade
What is data security – answers.com
Account Data Security at Fidelity
Swedish Data Protection Authority External links:
Swedish Data Protection Authority – WOW.com
Swedish Data Protection Authority – Revolvy
https://update.revolvy.com/topic/Swedish Data Protection Authority
Privacy law in Denmark External links:
Privacy law in Denmark is supervised and enforced by the independent agency Datatilsynet (The Danish Data Protection Agency) based mainly upon the Act on Processing of Personal Data.
Privacy law in Denmark – Revolvy
https://broom02.revolvy.com/topic/Privacy law in Denmark
Privacy Law in Denmark – Sensagent.com
http://dictionary.sensagent.com/privacy law in denmark/en-en
Office of the Australian Information Commissioner External links:
Office of the Australian Information Commissioner – Facebook
Privacy engineering External links:
Privacy Engineering – Home | Facebook
[PDF]An Introduction to Privacy Engineering and Risk …
Information privacy External links:
Information Privacy | Citizens Bank
Your Health Information Privacy Rights (HIPAA) – WebMD
Privacy in Australian law External links:
Privacy in Australian law – Revolvy
https://www.revolvy.com/topic/Privacy in Australian law
Privacy in Australian law – iSnare Free Encyclopedia
Official Journal of the European Union External links:
[PDF]L 211/24 Official Journal of the European Union – …
[PDF]30.4.2004 EN Official Journal of the European Union L 138/1
http://www.transportrisk.com/news/EU Regulation 785-2004.pdf
[PDF]8.6.2017 EN Official Journal of the European Union C 180/5
Personally identifiable information External links:
Personally Identifiable Information (PII) – cdse.edu
Personally Identifiable Information
Personally Identifiable Information: HIPAA Best Practices
Data Protection Directive External links:
Data Protection Directive | E-crime Expert blog
EU Data Protection Directive – IAPP
European Union Data Protection Directive Privacy Statement
European Digital Rights External links:
European Digital Rights – EDRi – Home | Facebook
European Digital Rights – YouTube
European Digital Rights « Aletho News
Personality rights External links:
Chapter 63.60 RCW: PERSONALITY RIGHTS – Washington
personality rights Archives – Creative Commons
Chapter 63.60 RCW: PERSONALITY RIGHTS
Federal Act on Data Protection External links:
Federal Act on Data Protection – Magarental
Federal Act on Data Protection – admin.ch
[PDF]Federal Act on Data Protection – Walder Wyss
Mass surveillance External links:
Fight 215: Stop the Patriot Act’s Mass Surveillance
Personal identifier External links:
[PDF]Personal Identifier Reference List – Hamilton County …
Personal Identifier Beacon : Arduino ATMEGA328 …
Personal Identifier Confidentiality
Right to privacy External links:
Right to Privacy: Constitutional Rights & Privacy Laws
Right to Privacy – Shmoop
Confidentiality & Right to Privacy :: Title IX
Right to explanation External links:
Article 29 Data Protection Working Party External links:
[PDF]ARTICLE 29 DATA PROTECTION WORKING PARTY – …
[PDF]ARTICLE 29 DATA PROTECTION WORKING PARTY
NIS Directive External links:
2018: The year of the NIS Directive – Help Net Security
2018: The year of the NIS Directive – Threat Brief
Data breach External links:
Data Breach Notification Reports | Mass.gov
What is data breach? – Definition from WhatIs.com
Experian Data Breach FAQ | T-Mobile
Data protection External links:
GDPR – The General Data Protection Regulation
General Data Protection Regulation (GDPR) – microsoft.com
Google Privacy | Why data protection matters
National data protection authority External links:
“National data protection authority” on Revolvy.com
https://broom02.revolvy.com/topic/National data protection authority
[PDF]National Data Protection Authority – Other Government …
Human rights External links:
ohr | Office of Human Rights
DHRHome | NYS Human Rights
Human Rights Campaign (@HRC) | Twitter
Future of Privacy Forum External links:
Future of Privacy Forum
Director of Operations | Future of Privacy Forum
Consumer privacy External links:
Consumer Privacy Pledge | Privacy Policies | U.S. Bank
U.S. Consumer Privacy Notice from Bank of America
GDPR External links:
Salesforce GDPR Compliance Page – Salesforce.com
GDPR Compliance Checklist | HubSpot
GDPR – The General Data Protection Regulation
Privacy Rights Clearinghouse External links:
Privacy Rights Clearinghouse :: Law360
Privacy Rights Clearinghouse – Privacy Rights Clearinghouse
Privacy Rights Clearinghouse – Posts | Facebook
One-stop shop External links:
City of New Orleans | One-Stop Shop Permitting & Licensing
One-Stop Shop – Investopedia
Right to be forgotten External links:
Right To Be Forgotten stories at Techdirt.
Google and the Right to Be Forgotten | The New Yorker
Right To Be Forgotten | Search Engine Land
European Parliament External links:
Search for a Member | MEPs | European Parliament
European Parliament – Home | Facebook
European Parliament Ambassador School Programme – …
Information Commissioner’s Office External links:
ICO Blog | The Information Commissioner’s Office
Information Commissioner’s Office – YouTube
Information Commissioner’s Office for Bermuda
Electronic Frontier Foundation External links:
Electronic Frontier Foundation Inc – GuideStar Profile
Privacy Badger | Electronic Frontier Foundation
Welcome! You’re confirmed! | Electronic Frontier Foundation
National Privacy Commission External links:
National Privacy Commission – YouTube
National Privacy Commission
National Privacy Commission – Home | Facebook
Electronic Privacy Information Center External links:
ELECTRONIC PRIVACY INFORMATION CENTER – …
European Union External links:
Erasmus+ KA2 Project funded by the European Union
European Union (EU) Export Certificate List
EUROPA – European Union website, the official EU website
Government gazette External links:
[PDF]Published in the Government Gazette, Date of …
http://veritaszim.net/sites/veritas_d/files/Public Procurement Act r.pdf
Government Jobs Private Jobs Government Gazette …
Sri Lanka Government Gazette Paper (Sinhala and Tamil)
Office of the Data Protection Supervisor External links:
Office of the Data Protection Supervisor – WOW.com