Which GDPR Requirements Do You Need to Meet?

Published on September 28, 2020

Author: kirkpatrickprice

Source: authorstream.com

slide 1:
Europe
Which GDPR Requirements Do You Need to Meet?
KirkpatrickPrice
Innovation. Integrity. Delivered.

slide 2:
Requirements for Data Controllers:

Article 24 - Responsibility of the Controller
❒ Demonstrate Appropriate Technical and Organizational Measures to Ensure Processing Compliance
❒ Review and Update Technical and Organizational Measures to Ensure Processing Compliance
❒ Policy Documentation of Technical and Organizational Measures

Article 25 - Data Protection by Design and Default
❒ Appropriate Technical and Organizational Measures at Implementation and Processing
❒ Default Data Collection Measures to Obtain Minimum Necessary Data for Specific Purposes

Article 26 - Joint Controllers
❒ Identification and Defined and Agreed Upon Responsibilities
❒ Joint Controller Arrangements Reflecting Roles and Relationships
❒ Notify Data Subjects of Joint Controller Arrangements

Article 34 - Communication of a Personal Data Breach to the Data Subject
❒ Communication of a Personal Data Breach to the Data Subject
❒ Identification of High Risk Data Breaches and Communication to Data Subjects within Required Timeframes
❒ Clear and Plain Language of Breach Notifications to Data Subjects
❒ Exceptions to Data Subject Communication Requirements
❒ Data Breach Notification to Subjects Based on Supervisory Authority Request

Article 35 - Data Protection Impact Assessment
❒ Conduct Data Protection Impact Assessment
❒ Seek Advice of Data Protection Officer
❒ Specific Circumstances Requiring Data Protection Impact Assessment
❒ Processing Operations that Require Data Protection Impact Assessment as Designated by Supervisory Authority
❒ Required Information for a Data Protection Impact Assessment
❒ Seeking Data Subject or Data Subject Representative Views
❒ Exceptions to Data Protection Impact Assessment Requirement Based on Law
❒ Change in Risk to Previous Data Protection Impact Assessment

Article 36 - Prior Consultation
❒ Consulting Supervisory Authority Prior to High Risk Processing
❒ Required Content for Consulting with Supervisory Authority

Requirements for Data Processors:

Article 28 - Processor
❒ Processor Guarantee of Appropriate Technical and Organizational Measures to Controllers
❒ Written Authorizations for Processor to Engage Other Processors
❒ Inform Controller of Changes to Other Processors
❒ Binding Written Contracts with Required Elements
❒ Standard of Data Protection of Other Processors
❒ Application of Standard Contract Clauses

Article 29 - Processing Under the Authority of the Controller or Processor
❒ Processing Only Under the Authority of the Controller

KirkpatrickPrice Which GDPR Requirements Do You Need to Meet 1 of 4

slide 3:
Requirements for Both Data Controllers and Data Processors:

Article 2 - Material Scope

Article 3 - Territorial Scope

Article 5 - Processing of Personal Data
❒ Lawful, Fair and Transparent
❒ Specified, Explicit and Legitimate Purpose
❒ Only Data that is Adequate, Relevant and Necessary
❒ Data Accuracy
❒ Data Retention
❒ Appropriate Security
❒ Demonstrable Compliance

Article 6 - Processing of Personal Data
❒ Lawful Basis
❒ Additional Processing

Article 7 - Conditions for Consent
❒ Demonstrable Consent in all Cases
❒ Clearly Distinguishable
❒ Withdrawal of Consent

Article 8 - Conditions Applicable to Children
❒ Consent by Parental Figure

Article 9 - Processing Special Categories
❒ Exceptions Justifying Processing

Article 10 - Processing Criminal Data

Article 11 - Processing Not Requiring Personal Identification

Article 12 - Transparent Information, Communication and Modalities for the Exercise of the Rights of the Data Subject
❒ Concise, Transparent, Intelligible and Easily Accessible Information
❒ Use of Plain Language
❒ Contained in the Required Formats
❒ Facilitating the Exercise of Data Subject Rights
❒ Required Timeframes for:
    ❒ Facilitating the Exercise of Rights
    ❒ Not Facilitating the Exercise of Rights
❒ Charging for the Exercise of Rights
❒ Verifying Requestor Identity

Article 13 - Information to be Provided Where Personal Data is Collected from the Data Subject
❒ Information Required for the Data Subject at Point of Collection
❒ Additional Information Related to Fair Processing
❒ Information Related to Additional Processing Purposes
❒ When the Data Subject Already Received All Required Information

Article 14 - Information to be Provided Where Personal Data Has Not Been Obtained from the Data Subject
❒ Information Required for the Data Subject
❒ Additional Information Related to Fair Processing
❒ Required Timeframes for Providing Information
❒ Information Related to Additional Processing Purposes
❒ When the Data Subject Already Received All Required Information

Article 15 - Right of Access by the Data Subject
❒ Procedures for Granting Right to Access and Providing Required Information
❒ Information Regarding International Transfers
❒ Providing Copies of Data Fees and Formats Information

slide 4:
Requirements for Both Data Controllers and Data Processors continued:

Article 16 - Right to Rectification
❒ Procedures to Rectify Inaccurate Personal Data and Complete Incomplete Data

Article 17 - Right to Erasure (“Right to be Forgotten”)
❒ Procedures to Erase Personal Data within Required Timeframes Upon Legitimate Grounds for Erasure
❒ Informing Other Controllers of Erasure Requests
❒ Procedures for Denying Requests for Erasure

Article 18 - Right to Restriction of Processing
❒ Procedures for Restricting Processing on Legitimate Grounds
❒ Consent for Processing Restricted Data
❒ Prior Notice for Removing Restrictions

Article 19 - Notification Obligation Regarding Rectification or Erasure of Personal Data or Restriction of Processing
❒ Procedures for Communicating Rectification or Erasure to Relevant Third Parties

Article 20 - Right to Portability
❒ Procedures for Providing Data to Data Subjects in a Structured, Commonly Used and Machine-Readable Format
❒ Procedures for Transmitting Data to Another Controller

Article 21 - Right to Object
❒ Procedures for Receiving, Assessing and Complying with Objections to Processing
❒ Procedures for Receiving Objections to Direct Marketing
❒ Procedures for Complying with Objections to Direct Marketing
❒ Communicating the Right to Object to the Data Subject at First Communication Clearly from Other Communication
❒ Data Processing for Public Interest

Article 22 - Automated Individual Decision-making, Including Profiling
❒ Automated Decision Making Including Profiling
❒ Clear Basis for Automated Decision Making
❒ Human Intervention and Right to Object to Automated Decision-Making
❒ Special Categories of Data and Automated Decision-Making

Article 23 - Restrictions
❒ Legal Restrictions to Obligations and Rights
❒ Clearly Known, Defined and Understood Restrictions

Article 27 - Representatives of Controllers or Processors Not Established in the European Union
❒ European Union Representative Designated in Writing
❒ Applicability of Designated Representative
❒ Location of Designated Representative
❒ Designated Representative Mandate

Article 30 - Records of Processing Activities
❒ Maintaining Records of Processing Including Required Elements for Controllers
❒ Maintaining Records of Processing Including Required Elements for Processors
❒ Record Formats
❒ Availability to Supervisory Authorities
❒ Applicability of Maintaining Records of Processing

Article 31 - Cooperation With the Supervisory Authority
❒ Processes for Cooperating with Supervisory Authorities Upon Request

Article 32 - Security of Processing
❒ Risk Appropriate Technical and Organizational Measures to Ensure Data Security
❒ Evaluate Risk of Accidental or Unlawful Destruction, Loss, Alteration, Unauthorized Disclosure or Access to Personal Data
❒ Consideration and Implementation of Available Approved Codes of Conduct
❒ Personnel Controls to Ensure Only Permitted Processing

slide 5:
Requirements for Both Data Controllers and Data Processors continued:

Article 33 - Notification of a Personal Data Breach to the Supervisory Authority
❒ Controller Data Breach Notification Procedures Including Required Timeframes
❒ Processor Data Breach Notification to Controllers
❒ Breach Notification Required Content
❒ Further Provision of Information
❒ Documentation of Data Breaches

Article 37 - Notification of a Personal Data Breach to the Supervisory Authority
❒ Requirements for Appointing a Data Protection Officer
❒ Data Protection Officer for Group of Undertakings
❒ Data Protection Officer for Group of Public Authorities
❒ Qualifications of Data Protection Officer
❒ Internal Employee or Contractor
❒ Publication and Communication of Contact Information of Data Protection Officer

Article 38 - Position of Data Protection Officer
❒ Involvement of Data Protection Officer in Relevant Matters
❒ Adequate Resources for Data Protection Officer
❒ Independence of Data Protection Officer
❒ Processes for Data Subjects to Contact Data Protection Officer
❒ Secrecy and Confidentiality of Data Protection Officer Tasks
❒ Other Duties for Data Protection Officer and Conflict of Interest

Article 39 - Tasks of Data Protection Officer
❒ Mandatory Tasks of Data Protection Officer
❒ Regard for Risk

Article 44 - Tasks of Data Protection Officer
❒ Compliance with Principles

Article 45 - Transfers on the Basis of an Adequacy Decision
❒ Identifying Countries, Territories and Sectors with Adequate Levels of Protection

Article 46 - Transfers Subject to Appropriate Safeguards
❒ Appropriate Safeguards for Transfers Without an Adequacy Decision

Article 47 - Binding Corporate Rules
❒ Approval of Corporate Rules by Supervisory Authority
❒ Required Content

Article 49 - Tasks of Data Protection Officer
❒ Exemptions from International Transfer Mechanism Requirements
❒ Assessment of Exemptions and Safeguards
❒ Documentation of Assessment and Safeguards
