What is involved in GDPR
Find out which related areas GDPR connects with, associates with, correlates with or affects, and which require thought, deliberation, analysis, review and discussion. This checklist stands out in the sense that it is not designed per se to give answers, but to engage the reader and lay out a GDPR thinking-frame.
To address the criteria in this checklist for your organization, extensive selected resources are provided for sources of further research and information.
Start the Checklist
Below you will find a quick checklist designed to help you think about which GDPR related domains to cover and 213 essential critical questions to check off in that domain.
The following domains are covered:
GDPR, Information privacy law, Data protection, Spanish Data Protection Agency, Personal identifier, Article 29 Data Protection Working Party, Search warrant, Privacy-enhancing technologies, Danish Data Protection Agency, Federal Act on Data Protection, Canadian privacy law, Right to explanation, Personal information management, Privacy by Design, NOYB – European Center for Digital Rights, Right to privacy in New Zealand, Government gazette, Council of the European Union, Surveillance state, Privacy law in Denmark, Center for Democracy and Technology, Medical privacy, Right to privacy, European Commission Data Protection Officer, European Digital Rights, Privacy laws of the United States, European Commission, Privacy concerns with social networking services, European Union Agency for Network and Information Security, Office of the Australian Information Commissioner, Future of Privacy Forum, Personally identifiable information, Personality rights, European Economic Area, Consumer privacy, EPrivacy Regulation, Commission nationale de l’informatique et des libertés, Privacy in Australian law, Law Patent Group, Official Journal of the European Union, Data security, Privacy in English law, European Parliament, European Data Protection Supervisor, Privacy International, Data breach, Global surveillance, Expectation of privacy, Privacy law, National data protection authority, Internet privacy, GDPR, National data protection authorities, European Parliament Committee on Civil Liberties, Justice and Home Affairs, Directive 95/46/EC, European Union, Privacy engineering, Data Protection Commissioner, Mass surveillance, Federal Commissioner for Data Protection and Freedom of Information, Data portability, International business, Federal Data Protection and Information Commissioner, General Data Protection Regulation, Identity theft, Right to be forgotten, Workplace privacy, Google Spain v AEPD and Mario Costeja González, Data Protection Directive, Privacy Rights Clearinghouse, Baker & McKenzie, One-stop shop, National Privacy Commission, Swedish Data Protection Authority.
GDPR Critical Criteria:
Analyze GDPR quality and gather practices for scaling GDPR.
– If you have historically considered yourself to be a processor to avoid being directly subject to data protection laws, consider revisiting that conclusion. Might you be better off as a controller?
– Are you a data processor or a data controller processing personal data inside the EU or processing the personal data of EU citizens?
– My business operates across the Union. Do I still have to get advice from lots of local counsel?
– Data breach notification: what to do when your personal data has been breached?
– If we use an outsourced DPO, how often does he have to do a control?
– Do you have a process to provide data to individuals who ask?
– Are there any third parties that will act as representative?
– Will we need to certify compliance by certification bodies?
– How does the GDPR affect policy surrounding data breaches?
– Should we update the information given to data subjects?
– Does your organization fall under the scope of the GDPR?
– Do you know which outsourcers have access to the data?
– What will the data protection reform do for citizens?
– What kind of information does the GDPR apply to?
– What rights do individuals have under the GDPR?
– What about Data Subjects under the age of 16?
– Which GDPR goals are the most important?
– What constitutes personal data?
– When will it come into force?
– What will drive GDPR change?
Information privacy law Critical Criteria:
Dissect Information privacy law projects and reinforce and communicate particularly sensitive Information privacy law decisions.
– Can we add value to the current GDPR decision-making process (largely qualitative) by incorporating uncertainty modeling (more quantitative)?
– What other organizational variables, such as reward systems or communication systems, affect the performance of this GDPR process?
– In what ways are GDPR vendors and us interacting to ensure safe and effective use?
Data protection Critical Criteria:
Grasp Data protection tactics and get answers.
– Privacy should not be an afterthought, a bolt-on sometime between the initial coding and delivery of a new system. It should be designed in from the start, peer-reviewed and tested, and the data controller needs to be able to show that adequate security is in place, that it is monitored, and that the strictest data protection policies will apply by default. If you design your own custom apps, are these the standards you work to? When deploying purchased systems, is privacy set at its tightest by default?
– Traditional data protection principles include fair and lawful data processing; data collection for specified, explicit, and legitimate purposes; accurate and kept up-to-date data; data retention for no longer than necessary. Are additional principles and requirements necessary for IoT applications?
– We keep records of data and store them in cloud services, for example Google Suite. There are data protection tools provided and security rules can be set. But who has the responsibility for securing them – us or Google?
– Do you see the need to support the development and implementation of technical solutions that are enhancing data protection by design and by default?
– What are the data protection mechanisms to control access to data from external sources that temporarily have internal residence?
– Do you design data protection and privacy requirements into the development of your business processes and new systems?
– What are the disruptive GDPR technologies that enable our organization to radically change our business processes?
– What ITIL best practices, security and data protection standards and guidelines are in use by the cloud service provider?
– Do I have to do a Data Protection Impact Assessment under the GDPR?
– Can I dismiss someone once they become my data protection officer?
– Does my business need to appoint a Data Protection Officer (DPO)?
– Does the GDPR set up a central EU data protection authority?
– Do I have to appoint a Data Protection Officer for the GDPR?
– What qualifications does the data protection officer need?
– Do we have Data Protection Service Level Agreements?
– When must you appoint a data protection officer?
– What are the short and long-term GDPR goals?
– What is Data Protection?
Spanish Data Protection Agency Critical Criteria:
Air ideas re Spanish Data Protection Agency decisions and report on setting up Spanish Data Protection Agency without losing ground.
– How important is GDPR to the user organization's mission?
– What are the usability implications of GDPR actions?
– How can the value of GDPR be defined?
Personal identifier Critical Criteria:
Have a round table over Personal identifier governance and explain and analyze the challenges of Personal identifier.
– For your GDPR project, identify and describe the business environment. Is there more than one layer to the business environment?
– Is there any existing GDPR governance structure?
– What is our GDPR Strategy?
Article 29 Data Protection Working Party Critical Criteria:
Gauge Article 29 Data Protection Working Party goals and arbitrate Article 29 Data Protection Working Party techniques that enhance teamwork and productivity.
– Who is responsible for ensuring appropriate resources (time, people and money) are allocated to GDPR?
– Do the GDPR decisions we make today help people and the planet tomorrow?
– How likely is the current GDPR plan to come in on schedule or on budget?
Search warrant Critical Criteria:
Disseminate Search warrant results and define what we need to start doing with Search warrant.
– To what extent does management recognize GDPR as a tool to increase the results?
– Who needs to know about GDPR?
– Are there GDPR Models?
Privacy-enhancing technologies Critical Criteria:
Transcribe Privacy-enhancing technologies governance and look at the big picture.
– Are there any disadvantages to implementing GDPR? There might be some that are less obvious?
– How do we go about Securing GDPR?
– How do we Lead with GDPR in Mind?
Danish Data Protection Agency Critical Criteria:
Judge Danish Data Protection Agency failures and tour deciding if Danish Data Protection Agency progress is made.
– Will GDPR have an impact on current business continuity, disaster recovery processes and/or infrastructure?
– How do we know that any GDPR analysis is complete and comprehensive?
– What vendors make products that address the GDPR needs?
Federal Act on Data Protection Critical Criteria:
Investigate Federal Act on Data Protection goals and probe the present value of growth of Federal Act on Data Protection.
– What are the success criteria that will indicate that GDPR objectives have been met and the benefits delivered?
– What tools and technologies are needed for a custom GDPR project?
– Why are GDPR skills important?
Canadian privacy law Critical Criteria:
Illustrate Canadian privacy law adoptions and transcribe Canadian privacy law as tomorrow's backbone for success.
– Record-keeping requirements flow from the records needed as inputs, outputs, controls and for transformation of a GDPR process. Ask yourself: are the records needed as inputs to the GDPR process available?
– Who are the people involved in developing and implementing GDPR?
– How to deal with GDPR Changes?
Right to explanation Critical Criteria:
Mix Right to explanation outcomes and learn.
– What threat is GDPR addressing?
– Is GDPR Required?
Personal information management Critical Criteria:
Conceptualize Personal information management risks and shift your focus.
– Which customers can't participate in our GDPR domain because they lack skills, wealth, or convenient access to existing solutions?
– How do senior leaders' actions reflect a commitment to the organization's GDPR values?
– How do we measure improved GDPR service perception, and satisfaction?
Privacy by Design Critical Criteria:
Have a session on Privacy by Design adoptions and spearhead techniques for implementing Privacy by Design.
– Do you follow privacy by design and privacy by default principles when designing new systems?
– How do we make it meaningful in connecting GDPR with what users do day-to-day?
– Does GDPR analysis show the relationships among important GDPR factors?
– Think of your GDPR project. What are the main functions?
– What is Privacy by Design?
NOYB – European Center for Digital Rights Critical Criteria:
Grade NOYB – European Center for Digital Rights failures and look at the big picture.
– Is maximizing GDPR protection the same as minimizing GDPR loss?
Right to privacy in New Zealand Critical Criteria:
Explore Right to privacy in New Zealand quality and work towards being a leading Right to privacy in New Zealand expert.
– How can we incorporate support to ensure safe and effective use of GDPR into the services that we provide?
– Are assumptions made in GDPR stated explicitly?
Government gazette Critical Criteria:
Chat re Government gazette adoptions and check on ways to get started with Government gazette.
– What is the total cost related to deploying GDPR, including any consulting or professional services?
Council of the European Union Critical Criteria:
Study Council of the European Union quality and intervene in Council of the European Union processes and leadership.
Surveillance state Critical Criteria:
Discuss Surveillance state issues and describe the risks of Surveillance state sustainability.
– Marketing budgets are tighter, consumers are more skeptical, and social media has changed forever the way we talk about GDPR. How do we gain traction?
– Do GDPR rules make a reasonable demand on a user's capabilities?
– What are specific GDPR Rules to follow?
Privacy law in Denmark Critical Criteria:
Detail Privacy law in Denmark quality and optimize Privacy law in Denmark leadership as a key to advancement.
– What is the best design framework for a GDPR organization now that, in a post-industrial age, the top-down, command-and-control model is no longer relevant?
Center for Democracy and Technology Critical Criteria:
Test Center for Democracy and Technology leadership and simulate teachings and consultations on quality process improvement of Center for Democracy and Technology.
– What sources do you use to gather information for a GDPR study?
– What are all of our GDPR domains and what do they do?
Medical privacy Critical Criteria:
Rank Medical privacy failures and proactively manage Medical privacy risks.
– Do several people in different organizational units assist with the GDPR process?
– What are the long-term GDPR goals?
Right to privacy Critical Criteria:
Conceptualize Right to privacy leadership and secure Right to privacy creativity.
– What may be the consequences for the performance of an organization if all stakeholders are not consulted regarding GDPR?
– Do those selected for the GDPR team have a good general understanding of what GDPR is all about?
– What knowledge, skills and characteristics mark a good GDPR project manager?
European Commission Data Protection Officer Critical Criteria:
Set goals for European Commission Data Protection Officer decisions and figure out ways to motivate other European Commission Data Protection Officer users.
– What management system can we use to leverage the GDPR experience, ideas, and concerns of the people closest to the work to be done?
– Is GDPR Realistic, or are you setting yourself up for failure?
European Digital Rights Critical Criteria:
Discourse European Digital Rights issues and look for lots of ideas.
– What other jobs or tasks affect the performance of the steps in the GDPR process?
– How do we maintain GDPR's integrity?
Privacy laws of the United States Critical Criteria:
Concentrate on Privacy laws of the United States tactics and maintain Privacy laws of the United States for success.
– Meeting the challenge: are missed GDPR opportunities costing us money?
– How do we keep improving GDPR?
European Commission Critical Criteria:
Disseminate European Commission decisions and describe the risks of European Commission sustainability.
– When a GDPR manager recognizes a problem, what options are available?
Privacy concerns with social networking services Critical Criteria:
Distinguish Privacy concerns with social networking services projects and overcome Privacy concerns with social networking services skills and management ineffectiveness.
– How do we Improve GDPR service perception, and satisfaction?
– Are we Assessing GDPR and Risk?
European Union Agency for Network and Information Security Critical Criteria:
Merge European Union Agency for Network and Information Security strategies and correct European Union Agency for Network and Information Security management by competencies.
– How do you incorporate cycle time, productivity, cost control, and other efficiency and effectiveness factors into these GDPR processes?
– Is there a GDPR Communication plan covering who needs to get what information when?
– What are the record-keeping requirements of GDPR activities?
Office of the Australian Information Commissioner Critical Criteria:
Extrapolate Office of the Australian Information Commissioner risks and correct Office of the Australian Information Commissioner management by competencies.
– How do mission and objectives affect the GDPR processes of our organization?
– How can we improve GDPR?
Future of Privacy Forum Critical Criteria:
Check Future of Privacy Forum decisions and get out your magnifying glass.
– How is the value delivered by GDPR being measured?
Personally identifiable information Critical Criteria:
Graph Personally identifiable information visions and integrate design thinking in Personally identifiable information innovation.
– When sharing data, are appropriate procedures, such as sharing agreements, put in place to ensure that any Personally identifiable information remains strictly confidential and protected from unauthorized disclosure?
– Who will be responsible for deciding whether GDPR goes ahead or not after the initial investigations?
– Does the company collect personally identifiable information electronically?
– What is Personal Data or Personally Identifiable Information (PII)?
Personality rights Critical Criteria:
Depict Personality rights quality and reduce Personality rights costs.
– How do we Identify specific GDPR investment and emerging trends?
– Is Supporting GDPR documentation required?
European Economic Area Critical Criteria:
Gauge European Economic Area engagements and forecast involvement of future European Economic Area projects in development.
– Think about the kind of project structure that would be appropriate for your GDPR project. Should it be formal and complex, or can it be less formal and relatively simple?
– Among the GDPR product and service cost to be estimated, which is considered hardest to estimate?
Consumer privacy Critical Criteria:
Boost Consumer privacy results and improve Consumer privacy service perception.
– What will be the consequences to the business (financial, reputation etc) if GDPR does not go ahead or fails to deliver the objectives?
– What tools do you use once you have decided on a GDPR strategy and more importantly how do you choose?
EPrivacy Regulation Critical Criteria:
Start EPrivacy Regulation decisions and drive action.
– What prevents me from making the changes I know will make me a more effective GDPR leader?
Commission nationale de l’informatique et des libertés Critical Criteria:
Deliberate over Commission nationale de l’informatique et des libertés adoptions and describe which business rules are needed as Commission nationale de l’informatique et des libertés interface.
– What are the top 3 things at the forefront of our GDPR agendas for the next 3 years?
– What is Effective GDPR?
Privacy in Australian law Critical Criteria:
Investigate Privacy in Australian law tactics and point out improvements in Privacy in Australian law.
– Have the types of risks that may impact GDPR been identified and analyzed?
Law Patent Group Critical Criteria:
Add value to Law Patent Group adoptions and pay attention to the small things.
– How do we ensure that implementations of GDPR products are done in a way that ensures safety?
– How will you measure your GDPR effectiveness?
Official Journal of the European Union Critical Criteria:
Accommodate Official Journal of the European Union planning and assess and formulate effective operational and Official Journal of the European Union strategies.
– Can we do GDPR without complex (expensive) analysis?
Data security Critical Criteria:
Systematize Data security governance and track iterative Data security results.
– Does the cloud solution offer equal or greater data security capabilities than those provided by your organization's data center?
– What are the minimum data security requirements for a database containing personal financial transaction records?
– Do these concerns about data security negate the value of storage-as-a-service in the cloud?
– What role does communication play in the success or failure of a GDPR project?
– What are the challenges related to cloud computing data security?
– So, what should you do to mitigate these risks to data security?
– Are accountability and ownership for GDPR clearly defined?
– Does it contain data security obligations?
– What is Data Security at Physical Layer?
– What is Data Security at Network Layer?
– How will you manage data security?
Privacy in English law Critical Criteria:
Devise Privacy in English law failures and catalog what business benefits will Privacy in English law goals deliver if achieved.
– Is GDPR dependent on the successful delivery of a current project?
European Parliament Critical Criteria:
Investigate European Parliament tasks and define European Parliament competency-based leadership.
– Do you monitor the effectiveness of your GDPR activities?
– How much does GDPR help?
European Data Protection Supervisor Critical Criteria:
Study European Data Protection Supervisor outcomes and clarify ways to gain access to competitive European Data Protection Supervisor services.
– Do we aggressively reward and promote the people who have the biggest impact on creating excellent GDPR services/products?
– What is our formula for success in GDPR?
Privacy International Critical Criteria:
Design Privacy International visions and research ways we can become the Privacy International company that would put us out of business.
– Have all basic functions of GDPR been defined?
Data breach Critical Criteria:
Huddle over Data breach issues and test out new things.
– One day, you may be the victim of a data breach and need to answer questions from customers and the press immediately. Are you ready for each possible scenario? Have you decided on a communication plan that reduces the impact on your support team while giving the most accurate information to the data subjects? Who is your company spokesperson and will you be ready even if the breach becomes public out of usual office hours?
– Have policies and procedures been established to ensure the continuity of data services in the event of a data breach, loss, or other disaster (this includes a disaster recovery plan)?
– What staging or emergency preparation for a data breach or E-Discovery could be established ahead of time to prepare or mitigate a data breach?
– Would you be able to notify a data protection supervisory authority of a data breach within 72 hours?
– Do you have a communication plan ready to go after a data breach?
– Are you sure you can detect data breaches?
– Who is responsible for a data breach?
– How can skill-level changes improve GDPR?
Global surveillance Critical Criteria:
Grade Global surveillance leadership and assess what counts with Global surveillance that we are not counting.
– Does our organization need more GDPR education?
Expectation of privacy Critical Criteria:
Investigate Expectation of privacy tactics and observe effective Expectation of privacy.
Privacy law Critical Criteria:
Track Privacy law visions and check on ways to get started with Privacy law.
– Have you considered what measures you will need to implement to ensure that the cloud provider complies with all applicable federal, state, and local privacy laws, including FERPA?
– Do you conduct an annual privacy assessment to ensure that you are in compliance with privacy laws and regulations?
National data protection authority Critical Criteria:
Deliberate National data protection authority management and probe using an integrated framework to make sure National data protection authority is getting what it needs.
Internet privacy Critical Criteria:
Survey Internet privacy tactics and optimize Internet privacy leadership as a key to advancement.
– Where do ideas that reach policy makers and planners as proposals for GDPR strengthening and reform actually originate?
– How will we ensure seamless interoperability of GDPR moving forward?
GDPR Critical Criteria:
Discuss GDPR adoptions and look at the big picture.
– Assuming you are a data controller (someone who collects data, such as through a web site), you are responsible for the safe keeping of that data no matter who is handling it. You are ultimately responsible if a data processor (outsourcer or cloud provider) loses that data. Are you sure of their policies, procedures, and technology to keep it safe?
– In CRM we keep records of email addresses and phone numbers of our customers' employees. Will we now need to ask for explicit permission to store them?
– Are a customer's business phone number, business email address and business IP address also considered to be personal data?
– Do data processors need explicit or unambiguous data subject consent and what is the difference?
– Is there a document available online which lists everything that is considered personal data?
– Is the fine of 4% of annual worldwide turnover calculated on a group-wide basis?
– What does a controller need to do when it relies on data processors?
– Does the GDPR also apply if I use pseudonymous or encoded data?
– Is employee attendance also considered to be personal data?
– Can I carry out criminal record checks on employees?
– Can a company have contracts with more than one DPO?
– Does the GDPR make extra provisions for children?
– Is the breach high risk?
– What policies do I need?
– How do we do it?
National data protection authorities Critical Criteria:
Detail National data protection authorities adoptions and suggest using storytelling to create more compelling National data protection authorities projects.
– What are our best practices for minimizing GDPR project risk, while demonstrating incremental value and quick wins throughout the GDPR project lifecycle?
– In a project to restructure GDPR outcomes, which stakeholders would you involve?
European Parliament Committee on Civil Liberties, Justice and Home Affairs Critical Criteria:
Infer European Parliament Committee on Civil Liberties, Justice and Home Affairs governance and maintain European Parliament Committee on Civil Liberties, Justice and Home Affairs for success.
– What are the Key enablers to make this GDPR move?
Directive 95/46/EC Critical Criteria:
Have a session on Directive 95/46/EC management and report on developing an effective Directive 95/46/EC strategy.
– Who will be responsible for documenting the GDPR requirements in detail?
European Union Critical Criteria:
Match European Union failures and customize techniques for implementing European Union controls.
– Are there any easy-to-implement alternatives to GDPR? Sometimes other solutions are available that do not require the cost implications of a full-blown project?
– Will GDPR deliverables need to be tested and, if so, by whom?
Privacy engineering Critical Criteria:
Cut a stake in Privacy engineering outcomes and describe which business rules are needed as Privacy engineering interface.
– What is the source of the strategies for GDPR strengthening and reform?
Data Protection Commissioner Critical Criteria:
Understand Data Protection Commissioner results and create Data Protection Commissioner explanations for all managers.
– At what point will vulnerability assessments be performed once GDPR is put into production (e.g., ongoing Risk Management after implementation)?
– Does GDPR appropriately measure and monitor risk?
Mass surveillance Critical Criteria:
Adapt Mass surveillance engagements and find out what it really means.
– Who will be responsible for making the decisions to include or exclude requested changes once GDPR is underway?
Federal Commissioner for Data Protection and Freedom of Information Critical Criteria:
Design Federal Commissioner for Data Protection and Freedom of Information leadership and ask what if.
– What are the business goals GDPR is aiming to achieve?
Data portability Critical Criteria:
Discuss Data portability failures and simulate teachings and consultations on quality process improvement of Data portability.
– Do you know how you will comply with the new rights: the right to be forgotten, the right to data portability and the right to object to profiling?
– The right to data portability is complimentary – is a bank obliged to provide me with information free of charge?
International business Critical Criteria:
Collaborate on International business decisions and frame using storytelling to create more compelling International business projects.
– Does GDPR create potential expectations in other areas that need to be recognized and considered?
– How does the organization define, manage, and improve its GDPR processes?
– Organizational structure for international business?
Federal Data Protection and Information Commissioner Critical Criteria:
Do a round table on Federal Data Protection and Information Commissioner projects and use obstacles to break out of ruts.
General Data Protection Regulation Critical Criteria:
Steer General Data Protection Regulation planning and assess and formulate effective operational and General Data Protection Regulation strategies.
– Do we monitor the GDPR decisions made and fine tune them as they evolve?
– What potential environmental factors impact the GDPR effort?
Identity theft Critical Criteria:
Be clear about Identity theft management and know what your objective is.
– Identity theft could also be an inside job. Employees at big companies that host e-mail services have physical access to e-mail accounts. How do you know nobody's reading it?
– What are your key performance measures or indicators and in-process measures for the control and improvement of your GDPR processes?
Right to be forgotten Critical Criteria:
Inquire about Right to be forgotten tasks and raise human resource and employment practices for Right to be forgotten.
– Is the right to be forgotten absolute? If a customer orders goods, and I need his information to complete the order, do I have to delete that information upon request?
– How far into the backup and archive history do the right to be forgotten requirements apply?
– Is there an (absolute) right to be forgotten under existing law?
Workplace privacy Critical Criteria:
Troubleshoot Workplace privacy decisions and oversee Workplace privacy management by competencies.
Google Spain v AEPD and Mario Costeja González Critical Criteria:
See the value of Google Spain v AEPD and Mario Costeja González tactics and tour deciding if Google Spain v AEPD and Mario Costeja González progress is made.
Data Protection Directive Critical Criteria:
Model after Data Protection Directive strategies and look at it backwards.
– What are the barriers to increased GDPR production?
Privacy Rights Clearinghouse Critical Criteria:
Probe Privacy Rights Clearinghouse projects and display thorough understanding of the Privacy Rights Clearinghouse process.
Baker & McKenzie Critical Criteria:
Contribute to Baker & McKenzie goals and explain and analyze the challenges of Baker & McKenzie.
One-stop shop Critical Criteria:
Illustrate One-stop shop issues and describe the risks of One-stop shop sustainability.
– Is the scope of GDPR defined?
National Privacy Commission Critical Criteria:
Conceptualize National Privacy Commission management and work towards being a leading National Privacy Commission expert.
– What are your current levels and trends in key measures or indicators of GDPR product and process performance that are important to and directly serve your customers? How do these results compare with the performance of your competitors and other organizations with similar offerings?
– Who is the main stakeholder, with ultimate responsibility for driving GDPR forward?
– Why is it important to have senior management support for a GDPR project?
Swedish Data Protection Authority Critical Criteria:
Prioritize Swedish Data Protection Authority outcomes and sort Swedish Data Protection Authority activities.
– How do you determine the key elements that affect GDPR workforce satisfaction? How are these elements determined for different workforce groups and segments?
– Who will provide the final approval of GDPR deliverables?
This quick readiness checklist is a selected resource to help you move forward. Learn more about how to achieve comprehensive insights with the GDPR Self Assessment:
Author: Gerard Blokdijk
CEO at The Art of Service | http://theartofservice.com
Gerard is the CEO at The Art of Service. He has been providing information technology insights, talks, tools and products to organizations in a wide range of industries for over 25 years. Gerard is a widely recognized and respected information expert. Gerard founded The Art of Service consulting business in 2000. Gerard has authored numerous published books to date.
To address the criteria in this checklist, these selected resources are provided for sources of further research and information:
GDPR External links:
GDPR – The General Data Protection Regulation
GDPR Compliance Checklist | HubSpot
GDPR consent examples and innovative methods to opt-in
Information privacy law External links:
The Textbooks – Information Privacy Law
Data protection External links:
Google Privacy | Why data protection matters
Office of Privacy and Data Protection
Personal identifier External links:
Personal Identifier Confidentiality – New York State Assembly
[PDF]Personal Identifier Reference List – Hamilton County …
Confidential Personal Identifier Forms – Supreme Court of Ohio
Privacy-enhancing technologies External links:
Privacy-Enhancing Technologies – Computer and …
Danish Data Protection Agency External links:
Danish Data Protection Agency – Revolvy
https://www.revolvy.com/topic/Danish Data Protection Agency
Danish Data Protection Agency – Official Site
Federal Act on Data Protection External links:
Federal Act on Data Protection – Magarental
FADP abbreviation stands for Federal Act on Data Protection
Federal Act on Data Protection (FADP) – admin.ch
Canadian privacy law External links:
canadian privacy law Pictures, Images & Photos | Photobucket
http://photobucket.com/images/canadian privacy law
Foreign Companies and Canadian Privacy Law
Personal information management External links:
Consentric | One Place for Personal Information Management
Privacy by Design External links:
GDPR Privacy by Design made simple
[PDF]Privacy by Design (PbD) – South Carolina
https://admin.sc.gov/files/PPU-2017-04 Privacy by Design.pdf
GDPR: Privacy by Design at Workday – Workday Blog
Right to privacy in New Zealand External links:
Right to privacy in New Zealand – pediaview.com
Right to privacy in New Zealand – WOW.com
Right to privacy in New Zealand – update.revolvy.com
https://update.revolvy.com/topic/Right to privacy in New Zealand
Government gazette External links:
Government Jobs Private Jobs Government Gazette …
Greece | Government Gazette
Council of the European Union External links:
Council of the European Union – Home | Facebook
1 JULY 2017 – 31 DECEMBER 2017 Programme of the Estonian Presidency of the Council of the European Union
[PDF]Council of the European Union (OR. en) 15966/17 …
Surveillance state External links:
OffNow – Shut Down the Surveillance State
Privacy law in Denmark External links:
Privacy law in Denmark – Revolvy
https://broom02.revolvy.com/topic/Privacy law in Denmark
Privacy law in Denmark is supervised and enforced by the independent agency Datatilsynet (The Danish Data Protection Agency) based mainly upon the Act on Processing of Personal Data.
Center for Democracy and Technology External links:
Center for Democracy and Technology – P2P Foundation
Center for Democracy and Technology | TheHill
Medical privacy External links:
Medical Privacy – Workplace Fairness
Right to privacy External links:
Right to Privacy – Shmoop
Right to Privacy: Constitutional Rights & Privacy Laws
Confidentiality & Right to Privacy :: Title IX
European Digital Rights External links:
European Digital Rights • r/EDRi – reddit
European Digital Rights | kracktivist
European Digital Rights | EuroRights.org
Privacy laws of the United States External links:
Lyrics containing the term: privacy laws of the united states
https://www.lyrics.com/lyrics/privacy laws of the united states
European Commission External links:
European Commission (@EU_Commission) | Twitter
Office of the Australian Information Commissioner External links:
Office of the Australian Information Commissioner – Facebook
Future of Privacy Forum External links:
Future of Privacy Forum
Director of Operations | Future of Privacy Forum
Personally identifiable information External links:
Personally Identifiable Information (PII)
Personally Identifiable Information (PII) – RMDA
Personality rights External links:
Chapter 63.60 RCW: PERSONALITY RIGHTS
European Economic Area External links:
The appeal of the European Economic Area for the UK
[PDF]European Economic Area Data Processing Addendum
Consumer privacy External links:
Consumer Privacy | American Civil Liberties Union
Consumer Privacy Pledge | Privacy Policies | U.S. Bank
U.S. Consumer Privacy Notice from Bank of America
EPrivacy Regulation External links:
Difference between GDPR and ePrivacy regulation
EU ePrivacy Regulation – IAPP
GDPR and ePrivacy Regulation explainer & analysis | PageFair
Privacy in Australian law External links:
Privacy in Australian law – iSnare Free Encyclopedia
Privacy in Australian law – Revolvy
https://www.revolvy.com/topic/Privacy in Australian law
Law Patent Group External links:
Stoneman Law Patent Group – Home | Facebook
Mary Warinner | Lynch Law Patent Group P.C | ZoomInfo.com
stoneman law patent group – Reviews – Photos – Phone Number
Official Journal of the European Union External links:
[PDF]8.6.2017 EN Official Journal of the European Union C 180/5
[PDF]L 102/48 Official Journal of the European Union 7.4
Data security External links:
What is data security – answers.com
Data Security from Multiple Levels of Protection | H&R Block®
FedEx Data Security Upgrade
Privacy in English law External links:
Privacy in English Law Flashcards | Quizlet
Privacy in English law – broom02.revolvy.com
https://broom02.revolvy.com/topic/Privacy in English law
The Right to Privacy in English Law
European Parliament External links:
European Parliament (@Europarl_EN) | Twitter
Search for a Member | MEPs | European Parliament
European Data Protection Supervisor External links:
European Data Protection Supervisor – YouTube
European Data Protection Supervisor (EDPS) | Inside Privacy
News – European Data Protection Supervisor
Privacy International External links:
Yahoo Privacy International
Privacy International – YouTube
Privacy International – Home | Facebook
Data breach External links:
[PDF]Data Breach Response Guide – Experian
What is data breach? – Definition from WhatIs.com
Global surveillance External links:
Global Surveillance Systems Inc.
global surveillance « Jesus Christ Is Lord
Module 2: WHO and CDC Global Surveillance Systems
Privacy law External links:
Privacy Law & HIPAA Flashcards | Quizlet
Internet privacy External links:
Internet Privacy | Computer Privacy | Microsoft Privacy
GDPR External links:
GDPR consent examples and innovative methods to opt-in
GDPR Compliance Checklist | HubSpot
Salesforce GDPR Compliance Page – Salesforce.com
Directive 95/46/EC External links:
[PDF]E.U. Data Protection Directive 95/46/EC – …
European Union External links:
European Union (EU) Export Certificate List
European Union in Zambia – Home | Facebook
EUROPA – European Union website, the official EU website
Privacy engineering External links:
Privacy Engineering | CSRC
Data Protection Commissioner External links:
Office of the Data Protection Commissioner – Home | Facebook
Data Protection Commissioner Ireland (@DPCIreland) | …
Mass surveillance External links:
Fight 215: Stop the Patriot Act’s Mass Surveillance
International business External links:
International business consists of trades and transactions at a global level. These include the trade of goods, services, technology, capital and/or knowledge. It involves cross-border transactions of goods and services between two or more countries. Transactions of economic resources include capital, skills, and people for the purpose of the international production of physical goods and services such as finance, banking, insurance, and construction. International business is also known as globalization. Globalization refers to the international trade between countries, which in turn refers to the tendency of international trade, investments, information technology and outsourced manufacturing to weave the economies of diverse countries together. To conduct business overseas, multinational companies need to separate national markets into one global marketplace. In essence there are two macro factors that underline the trend of greater globalization. The first macro-factor consists of eliminating barriers to make cross-border trade easier, such as the free flow of goods and services, and capital. The second macro-factor is technological change, particularly developments in communication, information processing, …
International Business College – Official Site
General Data Protection Regulation External links:
GDPR – The General Data Protection Regulation
General Data Protection Regulation (GDPR) – microsoft.com
Identity theft External links:
Identity Theft Protection Service | Protect My ID
Land Title: Identity Theft
Identity Theft | Consumer Information
Right to be forgotten External links:
Right To Be Forgotten | Search Engine Land
Right to be forgotten – ReputationDefender UK
“Right to be forgotten” – Do cool things that matter!
Workplace privacy External links:
Definition of Workplace Privacy | Chron.com
Workplace Privacy + Solutions for the Open Office Environment
Workplace Privacy | American Civil Liberties Union
Google Spain v AEPD and Mario Costeja González External links:
Google Spain v AEPD and Mario Costeja González – WOW.com
Google Spain v AEPD and Mario Costeja González
Data Protection Directive External links:
Data Protection Directive | E-crime Expert blog
EU Data Protection Directive – IAPP
European Union Data Protection Directive Privacy Statement
Privacy Rights Clearinghouse External links:
Privacy Rights Clearinghouse – Privacy Rights Clearinghouse
Privacy Rights Clearinghouse
Privacy Rights Clearinghouse :: Law360
One-stop shop External links:
One-Stop Shop – Investopedia
City of New Orleans | One-Stop Shop Permitting & Licensing
National Privacy Commission External links:
National Privacy Commission – Home | Facebook
National Privacy Commission, Diliman, Quezon City, Philippines. 46K likes. National Privacy Commission — protecting the right to privacy in the digital age.
National Privacy Commission
Swedish Data Protection Authority External links:
Swedish Data Protection Authority – WOW.com
Swedish Data Protection Authority – Revolvy
https://update.revolvy.com/topic/Swedish Data Protection Authority