About the GDPR
Proper application of data protection legislation requires knowing which obligations and requirements must be complied with. Interpretation details, clarifications issued by the supervisory authorities and practical suggestions are essential, also in order to assess the extent of the obligations with which controllers and processors shall comply and which exemptions apply.
The aim is to provide insights into the most common topics which can be summarised as follows:
2. principle of accountability: demonstrating compliance with the GDPR
3. knowledge of the principles relating to processing of personal data and the lawfulness of processing: what these principles mean and what procedures apply
4. knowledge and application of information to be provided to the data subject and how to deal with the rights of data subjects
5. implementation of procedures of data protection by design and by default and how to carry out a risk assessment which may imply the obligation of an impact assessment and, where required, of the prior consultation of the supervisory authority: these are the essential steps to fulfil the GDPR requirements, assessing whether data processing may be carried out and under what conditions
6. Data Protection Officer: tasks, professional qualities, responsibility and designation, whether a staff member or an external subject
7. processor: how to select it (professional requirements) and designate it, its liability, the contract binding the processor to the controller, written instructions, engagement of sub-processors
8. processing under the authority of the controller or processor (persons authorised to process data): who they are, how they shall be designated and what rules shall be imposed on them
9. records of processing activities: what they are, what they shall contain, how to keep them and who shall keep them
10. management of personal data breaches: when they occur, when they shall be notified to the supervisory authority and communicated to the data subject, and what these notifications and communications shall contain
11. adherence to codes of conduct and to certification mechanisms: what they are and why they are important
12. how to organise the transfer of personal data to third countries or international organisations: safeguards, contractual clauses, decisions of supervisory authorities and European Union bodies.
Lastly, non-compliance with the GDPR requirements may result in administrative fines and penalties and data subjects have the right to compensation for the damage which they have suffered.
Legislation is in ongoing evolution, also pending implementing acts, so it is essential to keep up to date. Important news can be found directly by browsing this website or by signing up to the newsletter.
To learn more, click on the subject of interest, read FAQs or contact me.