Section 2 Key Concepts GDPR Compliance Beginners


2

CERTIFIED GDPR
DATA PROTECTION
COMPLIANCE
FROM THEORY TO PRACTICE
FOR BEGINNERS

Professor drs mr Romeo Kadir MA MSc LLM (Adv.) LLM EMBA EMoC

EU

RDPP
REGISTERED

COURSE CODE | SP0-CDPC-CS1-20


SECTION 2
GDPR WORK PLAN ARCHITECTURE
FROM GDPR THEORY TO PRACTICE



GDPR WORK PLAN ARCHITECTURE

COURSE CODE | SP0-CDPC-CS1-L1-20


GDPR DATA PROTECTION COMPLIANCE
FROM THEORY TO PRACTICE FOR BEGINNERS

SECTION 1
INTRODUCTION
FROM THEORY TO PRACTICE

1.1 GDPR DATA PROTECTION COMPLIANCE
1.2 THREE LEVELS OF TRAINING
1.3 COURSE GOALS: FIND CLARITY
1.4 SUCCESS FACTORS

SECTION 2
GDPR WORK PLAN ARCHITECTURE
FROM THEORY TO PRACTICE

2.1 CONCEPT OF GDPR COMPLIANCE & LINES OF DEFENCE
2.2 GDPR COMPLIANCE REQUIREMENTS AND CONTROLS
2.3 WHY A GDPR COMPLIANCE WORK PLAN?
2.4 BASIC DESIGN OF A GDPR WORK PLAN

KEY CONCEPTS OF GDPR COMPLIANCE
ACTIVATING QUESTIONS IN THIS SECTION 2

1 WHAT ARE KEY CONCEPTS IN GDPR COMPLIANCE?


2 WHAT ARE THEIR PRACTICAL RATIONALES?

EVALUATION METHOD
Quiz



TOPICS OF THIS LESSON 2.1

DEFINITION OF GDPR COMPLIANCE & LINES OF GDPR DEFENCE

TOPIC 2.1.1 DEFINITION OF GDPR COMPLIANCE


TOPIC 2.1.2 LINES OF GDPR COMPLIANCE DEFENCE
TOPIC 2.1.3 DEFINITION OF DATA SECURITY



TOPIC 2.1.1

DEFINITION OF GDPR COMPLIANCE


GDPR Compliance = acting as per obligations pursuant to the GDPR
Compliance Mechanism = any system or means for effectively promoting acting as per obligations pursuant to the GDPR

EXAMPLES

§ Designing and implementing a GDPR Compliance Work Plan
§ Assignment of a Data Protection Officer (DPO)
§ Performing Data Protection Impact Assessments (DPIA)
§ Performing Privacy Risk Assessments
§ Performing Monitoring activities
§ Performing regular GDPR audits
§ Performing Information System Audits
§ GDPR Certification



TOPIC 2.1.2

LINES OF GDPR DEFENCE


Line of GDPR Defence = a Compliance Mechanism, positioned at a particular organisation level, that provides effective
measures to assure compliance with GDPR obligations

EXAMPLES

§ Independent auditor (internal/external)
§ Compliance/Risk management department
§ GDPR risk awareness at the work floor



TOPIC 2.1.3

DEFINITION OF DATA SECURITY = SECURITY OF PROCESSING


ARTICLE 32 GDPR

Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes
of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons,
the controller and the processor shall implement appropriate technical and organisational measures to ensure
a level of security appropriate to the risk, including inter alia as appropriate:

(a) the pseudonymisation and encryption of personal data;
(b) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and
services;
(c) the ability to restore the availability and access to personal data in a timely manner in the event of a physical or
technical incident;
(d) a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational
measures for ensuring the security of the processing.
TOPIC 1.1.3

DEFINITION OF CYBER SECURITY

Protection against a threat to the technical infrastructure of a cyber system which may lead to an alteration of its
characteristics in order to carry out activities which were not intended by its owners, designers or users.

Protection against the intended corruption of procedures or workflows which will have results that were unintended
by its owners, designers or users.

Protection against the threat of theft, deletion or alteration of stored or transmitted data within a cyber system.

Protection against a threat whose origin is from within cyberspace, but may threaten either physical or cyber assets
in a way which will have a political, military or strategic gain for the attacker.

Protection against physical threats that can influence or affect the well-being of a cyber system.

Source: https://www.enisa.europa.eu/publications/definition-of-cybersecurity



TOPICS OF THIS LESSON 2.2

GDPR COMPLIANCE REQUIREMENTS AND CONTROLS

TOPIC 2.2.1 GDPR COMPLIANCE REQUIREMENTS


TOPIC 2.2.2 GDPR COMPLIANCE CONTROLS
TOPIC 2.2.3 GDPR DATA COMPLIANCE LIFE-CYCLE



TOPIC 2.2.1

GDPR COMPLIANCE REQUIREMENTS


Requirement = Action needed (essential) to effectuate acting as per a GDPR obligation

EXAMPLE Obligation pursuant to Article 5(1)(a) GDPR

Obligation = Personal data shall be processed lawfully


Requirement = Actual processing is checked to be lawful

Action = Somebody in the organisation should check if the processing actually is lawful

Actions should be SMART:
S = SPECIFIC
M = MEASURABLE
A = ACCEPTED
R = REALISTIC
T = TIME RESTRICTED
TOPIC 2.2.2

GDPR COMPLIANCE CONTROLS


GDPR Control = a process of interlocking activities that use properly designed policies and procedures
which are preventive, detective, corrective, directive, corroborative to:

1. Assure the achievement of compliance with obligations pursuant to the GDPR
2. Achieve operational compliance effectiveness and efficiency
3. Generate reliable (complete and accurate) compliance metrics

EXAMPLES OF GDPR COMPLIANCE CONTROLS (which may change due to new regulations, policies and standards)

1. Information Security Policies
2. Cryptography
3. Access control using 2-factor authentication
4. Certifications
TOPIC 2.2.3

GDPR DATA COMPLIANCE LIFE-CYCLE



TOPICS OF THIS LESSON 2.3

WHAT IS A COMPLIANCE WORK PLAN?

GDPR Compliance Work Plan =

An outline (programme) of a set of GDPR compliance goals and processes by which an organisation or Data
Protection Officer (DPO) can accomplish compliance with obligations pursuant to the GDPR.

Through a GDPR Compliance Work Plan one can break down (structure) main processes into small, achievable
tasks and identify the (SMART) defined actions a data controller is supposed to implement.

Although it is also good practice for the DPO (or the organisation) to draw up a “work plan” (recommendation of the
EDPB, Guidelines DPO, Section 3.2, page 14), there are no specific requirements for its form or content (free format).



TOPICS OF THIS LESSON 2.3

WHY DO YOU NEED A GDPR COMPLIANCE WORK PLAN?

1. Recommended by the EDPB as a best practice

2. Provides for a structure for planning and resourcing purposes

3. Provides for a structure for monitoring purposes

4. Provides for a basis for evaluation and actualisation

5. Provides for a structure for management reporting

6. Evidence for accountability purposes (demonstrate compliance by evidence)

+ more advantages?
TOPICS OF THIS LESSON 2.4

BASIC ARCHITECTURE OF A GDPR WORK PLAN

IBM’s
FRAMEWORK

GDPR DATA PROTECTION COMPLIANCE
FROM THEORY TO PRACTICE FOR BEGINNERS

SECTION 1 INTRODUCTION, FROM THEORY TO PRACTICE
SECTION 2 GDPR WORK PLAN ARCHITECTURE, FROM THEORY TO PRACTICE
SECTION 3 PRINCIPLES OF PROCESSING COMPLIANCE, FROM THEORY TO PRACTICE
SECTION 4 DATA SUBJECT RIGHTS, FROM THEORY TO PRACTICE
SECTION 5 COMPLIANCE MECHANISMS, FROM THEORY TO PRACTICE
SECTION 6 TECHNICAL & ORGANISATIONAL MEASURES, FROM THEORY TO PRACTICE
SECTION 7 TRANSFER OF PERSONAL DATA TO 3RD COUNTRIES / IOs, FROM THEORY TO PRACTICE
SECTION 8 DAMAGES, ENFORCEMENT & BASIC WORK PLAN DESIGN, FROM THEORY TO PRACTICE


KEY CONCEPTS OF GDPR COMPLIANCE
EVALUATION SECTION 2

INSTRUCTIONS

1 Read the information on the PPT slides of this section (provided as course material)
2 Answer the quiz
