General Data Protection Regulation: First Aid
What do organisations that hold or process personal data need to know? From 25 May 2018 the European Union's General Data Protection Regulation (GDPR) applies. It creates a completely new basis for data protection throughout the European Union, and the fines for breaches have been drastically increased.
In addition to large enterprises and other large-scale organisations, small companies, freelancers, small associations, clubs, societies and non-profit organisations of many kinds are entrusted with a great deal of personal data, be it customer or client data, member data, employee data or supplier data. Clubs and associations in particular often hold records that allow deep insight into the personal circumstances of their members. Organisations which hold or process this type of data for their own purposes are "controllers" under the GDPR. It is therefore essential for such controllers to know what the GDPR requires of them.
This publication sets out concisely and clearly the content of the GDPR and its mandatory requirements for data processing. In particular it answers the following questions:
- Which data is covered by data protection?
- Is it necessary to nominate a Data Protection Officer?
- Which obligations to provide information must be fulfilled proactively?
- What information needs to be included in the records of data processing activities?
- When is it permissible to forward data to other persons or organisations?
- What special requirements apply to photographs on your own website?
Templates and checklists help you prepare for and implement the legal requirements of the GDPR. Numerous examples illustrate legal pitfalls and how to avoid them.
This publication is aimed at owners of small companies, those responsible for data protection within small companies, chairpersons and members of clubs, associations and other non-profit organisations, and anyone else who wants a quick overview of the requirements of data protection legislation.
About the authors
This publication was written by data protection experts. Dr. Eugen Ehmann is Vice-President of Central Franconia (Bavaria) and co-author of Ehmann/Selmayr, Kommentar zur DS-GVO (Commentary on the GDPR). Thomas Kranig is President of the Data Protection Authority of Bavaria for the Private Sector.
ISBN-13: 978-3-406-72906-5 (9783406729065)
Table of contents
1 - Cover [page 1]
2 - About the content / About the authors [page 2]
3 - Title [page 3]
4 - Foreword [page 4]
5 - Table of Contents [page 5]
6 - Chapter 1: Scope of the General Data Protection Regulation (GDPR) [page 9]
7 - Chapter 2: First Steps [page 10]
8 - Chapter 3: Records of Processing Activities [page 12]
8.1 - 1. Duty to establish documentation [page 12]
8.2 - 2. Exemption from the duty to establish documentation [page 12]
8.3 - 3. Submission of records [page 12]
8.4 - 4. Form of records [page 12]
8.5 - 5. Updating the records [page 12]
8.6 - 6. Content of records [page 12]
8.7 - 7. Extended records [page 13]
8.8 - 8. Template for records of processing activities [page 13]
9 - Chapter 4: Principles of Processing Personal Data [page 21]
9.1 - 1. Prohibited unless authorised [page 21]
9.2 - 2. Lawfulness [page 21]
9.3 - 3. Purpose limitation [page 22]
9.4 - 4. Accuracy of the data [page 22]
9.5 - 5. Necessity of storage [page 22]
9.6 - 6. Principle of accountability [page 23]
10 - Chapter 5: Processing on Behalf of a Controller [page 24]
10.1 - 1. The limits of "processing on behalf of a controller" [page 24]
10.2 - 2. Selection of processor [page 24]
10.3 - 3. Contractual provisions [page 24]
10.4 - 4. Supervisory rights [page 24]
10.5 - 5. Ending the processing on behalf of a controller [page 24]
11 - Chapter 6: Security of the Processing [page 25]
11.1 - 1. IT security [page 25]
11.2 - 2. Protection aims of IT security [page 25]
11.3 - 3. IT security as a top level management issue [page 26]
11.4 - 4. Management of rights and permissions [page 27]
11.5 - 5. Identifying and addressing risks [page 27]
11.6 - 6. Everyday encryption [page 28]
11.7 - 7. Patch management [page 29]
11.8 - 8. Using email communication correctly [page 29]
11.9 - 9. Blocking malware: backups [page 29]
11.10 - 10. Impeding and barring access [page 30]
11.11 - 11. Typical misconceptions about IT security [page 30]
12 - Chapter 7: Data Protection Officer [page 32]
12.1 - 1. Purpose of nomination of a Data Protection Officer [page 32]
12.2 - 2. Duty of nomination [page 32]
12.3 - 3. Voluntary nomination of a Data Protection Officer [page 35]
12.4 - 4. Nomination of an internal or external Data Protection Officer [page 35]
12.5 - 5. Formal requirements for nomination [page 35]
12.6 - 6. Duties of the Data Protection Officer [page 37]
12.7 - 7. Informing the supervisory authority [page 37]
12.8 - 8. Publication of contact details of the Data Protection Officer [page 39]
13 - Chapter 8: Rights of Data Subjects (Data Subject Rights) [page 40]
13.1 - 1. Transparent information [page 40]
13.2 - 2. The right to access [page 40]
13.3 - 3. Rectification, erasure and limitation of processing [page 41]
13.4 - 4. Data portability [page 41]
13.5 - 5. Right to object to the processing [page 41]
13.6 - 6. The right not to be subject to decisions based on automated processing [page 42]
13.7 - 7. In summary [page 42]
14 - Chapter 9: Personal Data Breach [page 43]
14.1 - 1. Overview of the regulations [page 43]
14.2 - 2. Clarification of the term "personal data breach" [page 43]
14.3 - 3. Obligation to notify the supervisory authority [page 44]
14.4 - 4. Duty of communication of a personal data breach to the data subject [page 45]
14.5 - 5. Details on communication to the data subject [page 46]
15 - Chapter 10: Sanctions and Liability [page 47]
15.1 - 1. Overview [page 47]
15.2 - 2. Fines stipulated in the Regulation [page 47]
15.3 - 3. Compensation and liability [page 47]
16 - Chapter 11: Requirements Concerning your own Enterprise Structure [page 48]
16.1 - 1. Implementation of accountability [page 48]
16.2 - 2. Requirements [page 48]
16.3 - 3. Responsibility for data protection issues [page 48]
16.4 - 4. Defining a cycle for checking data protection issues [page 48]
17 - Chapter 12: Co-operation with the Supervisory Authority [page 49]
17.1 - 1. Entitlements vis-à-vis the supervisory authority [page 49]
17.2 - 2. Responsibilities and powers of the supervisory authorities [page 49]
18 - Chapter 13: Dealing with Photographs in the Internet [page 50]
18.1 - 1. Technical background [page 50]
18.2 - 2. Legal background [page 50]
18.3 - 3. Images on websites of enterprises [page 52]
18.4 - 4. Images on websites of associations [page 55]
19 - Chapter 14: Questionnaire: Implementation of the GDPR for Small Enterprises and Associations [page 58]
20 - Appendix. List of Definitions, Templates and Link List [page 61]
20.1 - 1. Definitions [page 61]
20.2 - 2. Templates [page 61]
20.3 - 3. Link list [page 61]
21 - Index [page 62]
22 - Imprint [page 64]