středa 4. října 2017

GDPR Clarity: 19 Frequently Asked Questions Answered

GDPR Clarity: 19 Frequently Asked Questions Answered
Bart Willemsen - 29 August 2017
Clánek najdete na portálu gartner.com na adrese: http://tinyurl.com/y9ynobqh
Cituji vybrané části textu: "Though a data protection regulation, there are few prescribed technological requirements; rather, application of technology under the regulation is based on privacy risk. There is still a lack of detailed operational regulatory guidance, while vendors and internal business stakeholders overwhelm SRM leaders with their own interpretation. This makes it difficult for SRM leaders to prioritize actions, and balance not enough versus too much. The European General Data Protection Regulation has impact far beyond the EU alone. Security and risk management leaders can't "go at it alone," but must involve a multidisciplinary team to translate requirements and prioritize risk mitigation actions by using these FAQs."
Osnova článku - otázky
- Recommendations
- Strategic Planning Assumptions
- Analysis
- Basic Introduction of Scope and Applicability
- What is a controller and what is a processor?
- What is personal data? Is the GDPR about security or about privacy?
- What is "processing" of personal data?
- Does the GDPR apply to us?
- 10 Steps Toward GDPR Compliance
-- 1. Who in the organization is responsible for compliance?
-- 2. How to determine legal grounds and processing purpose?
-- 3. What personal data can I process?
-- 4. Should we prepare for data subjects to exercise their rights?
-- 5. Is there anything special about consent?
-- 6. What should I include in my privacy notice?
-- 7. What is a data protection officer (DPO) and do I have to appoint one?
-- 8. We operate in multiple member states; do we have to contact all the 28 data protection authorities?
-- 9. Will we be fined for a data breach?
-- 10. Who can help to protect our data per the GDPR?
- Additional Questions
-- Should I move my data centers to Europe, and what about cross-border data transfers?
-- Does encrypting everything exempt me from having to comply?
-- How is masking useful?
-- How does cloud technology relate to the GDPR?
-- Are mobile devices covered by the GDPR?
Source: Gartner Research Note G00333107, Bart Willemsen, 29 August 2017
Reproduction or distribution of this publication in any form without Gartner's prior written permission is forbidden.