‏478.00 ₪

Data Privacy and GDPR Handbook

ISBN13: 9781119594246
Published in: New York
Delivery time: 21 business days
Pages: 496
Format: Hardback
Publication date: 3 Jan 2020
The definitive guide for ensuring data privacy and GDPR compliance

Privacy regulation is increasingly rigorous around the world and has become a serious concern for senior management of companies regardless of industry, size, scope, and geographic area. The Global Data Protection Regulation (GDPR) imposes complex, elaborate, and stringent requirements for any organization or individuals conducting business in the European Union (EU) and the European Economic Area (EEA)--while also addressing the export of personal data outside of the EU and EEA. This recently-enacted law allows the imposition of fines of up to 5% of global revenue for privacy and data protection violations. Despite the massive potential for steep fines and regulatory penalties, there is a distressing lack of awareness of the GDPR within the business community. A recent survey conducted in the UK suggests that only 40% of firms are even aware of the new law and their responsibilities to maintain compliance. The Data Privacy and GDPR Handbook helps organizations strictly adhere to data privacy laws in the EU, the USA, and governments around the world. This authoritative and comprehensive guide includes the history and foundation of data privacy, the framework for ensuring data privacy across major global jurisdictions, a detailed framework for complying with the GDPR, and perspectives on the future of data collection and privacy practices.

Comply with the latest data privacy regulations in the EU, EEA, US, and others
Avoid hefty fines, damage to your reputation, and losing your customers
Keep pace with the latest privacy policies, guidelines, and legislation
Understand the framework necessary to ensure data privacy today and gain insights on future privacy practices

The Data Privacy and GDPR Handbook is an indispensable resource for Chief Data Officers, Chief Technology Officers, legal counsel, C-Level Executives, regulators and legislators, data privacy consultants, compliance officers, and audit managers.
Additional information
ISBN10: 1119594243
Table of contents

Chapter 1: The Origin and Concept of Data Privacy
1. Introduction
2. Questions and Challenges of Data Privacy
3. The conundrum of voluntary information
4. What is Data Privacy?
5. Doctrine of information privacy
6. Social norms and laws
7. Options for a legal construct: Notice-and-Choice vs. Privacy-as-Trust
8. Notice and choice in the US
9. Enforcement of Notice-and-choice Privacy Laws
10. Privacy-as-trust: An Alternative Model
11. Applying Privacy-as-Trust into Practice - The US Federal Trade Commission (FTC)
12. Additional Challenges in the Advent of the Big Data era
13. Efficacy of privacy-as-trust model

Chapter 2: A Brief History of Data Privacy
1. The extension of privacy as a "right to be left alone"
2. Extending individuals' privacy rights beyond the "castle"
3. Formation of privacy tort laws.
4. The roots of individual privacy in Europe and the Commonwealth.
5. Privacy encroachment in the new age of internet and connected media.
6. The Gramm-Leach-Bliley Act and the dynamic against privacy rights of individuals.
7. Emergence of economic value of individual data for digital businesses.
8. Legislative initiatives to protect individuals' data privacy.
9. The Internet Rights Revolution and The EU path
10. Data as an extension of Personal Privacy and End of the 'Wild West'?
11. Cambridge Analytica - a Step too far.
12. The context of privacy in law enforcement.

Chapter 3: GDPR's Scope of Application
1. When does GDPR apply? "Processing" of Data "Personal Data" Exempted Activities under GDPR
2. The Key Players under GDPR
3. Territorial Scope of GDPR Physical Presence in the EU: Processing done "in the context of the activities" Users based in the EU "Time of Stay" standard
4. Operation of Public International Law

Chapter 4: Technical & Organizational Requirements under GDPR
1. Accountability
2. The Data Controller Responsibilities of the Controller Joint Controllers & Allocating Liability The Duty to Cooperate with the SA
3. Technical & Organizational Measures Maintain a Data Protection Level Minimum Requirements for holding a Data Protection Level Weighing the Risks The Network & Information Systems Directive
4. Duty to Maintain Records of Processing Activities Content of Controller's Records Content of Processor's Records Exceptions to the Duty
5. Data Protection Impact Assessments Types of Processing which require DPIA Scope of Assessment Business plan oversight?
6. The Data Protection Officer Designation of DPO Qualifications & Hiring a DPO Position of the DPO Tasks of the DPO An inherent Conflict of Interest? DPO Liability
7. Data Protection by Design & Default Data Protection at the outset Balancing the amount of Protection Applying Data Protection by Design Special Case: Blockchain Technology & GDPR
8. Data Security during Processing Data Security measures Determining the Risk Posed Data Protection Management Systems; A "technical & organizational measure"
9. Personal Data Breaches Data Breaches Generally The Controller's duty to Notify Controller's duty to Communicate the Breach to Data Subjects
10. Codes of Conduct & Certifications Purpose & Relationship under GDPR Codes of Conduct Certification
11. The Data Processor Relationship between Processor & Controller Responsibilities of Controller in selecting a Processor Duties of the Processor Sub-Processors

Chapter 5: Material Requisites for Processing under the GDPR
1. The Central Principles of Processing Lawful, Fair & Transparent Processing of Data Processing limited to a 'Purpose' Data Minimization & Accuracy Storage of Data Integrity & Confidentiality of the Operation
2. Legal Grounds for Data Processing Processing based on Consent Processing based on Legal Sanction Changing the Processing "Purpose" Special Categories of Data
3. International Data Transfers Adequacy Decisions & "Safe" Countries Explicit Consent Standard Contractual Clauses The EU-US Privacy Shield Binding Corporate Rules Transfers made with or without Authorization Derogations Controllers outside of the EU
4. Intra-Group Processing Privileges
5. Cooperation Obligation on EU Bodies
6. Foreign Law in Conflict with the GDPR

Chapter 6: Data Subject's Rights
1. The Controller's duty of Transparency Creating the Modalities Facilitating Information Requests Providing Information to Data Subjects The Notification Obligation
2. The 'Digital Miranda' Rights Accountability Information Transparency Information Timing Defenses for not providing Information
3. The Right of Access Accessing Personal Data Charging a 'reasonable fee'
4. Right of Rectification Inaccurate Personal Data Incomplete Personal Data Handling Requests
5. Right of Erasure Development of the Right The Philosophical debate Circumstances for Erasure under the GDPR Erasure of Personal Data which has been made Public What is 'Erasure' of Personal Data? Exceptions to Erasure
6. Right to Restriction Granting Restriction Exceptions to Restriction
7. Right to Data Portability The Format of Data & Requirements for Portability Business Competition Issues Intellectual Property Issues Restrictions on Data Portability
8. Rights relating to Automated Decision making The Right to Object Right to Explanation Profiling Exceptions Special Categories of Data
9. Restrictions on Data Subject Rights Nature of Restrictions placed The Basis of Restrictions

Chapter 7: GDPR Enforcement
1. In-House Mechanisms A Quick Review Implementing an Internal Rights Enforcement Mechanism
2. Data Subject Representation Standing of NPOs to represent Data Subjects Digital Rights Activism
3. The Supervisory Authorities Role of Supervisory Authority The Members of the Supervisory Authority An Independent Body Professional Secrecy Competence of the Supervisory Authority Tasks of the Supervisory Authority Powers of the SA Cooperation & Consistency Mechanism GDPR Enforcement by Supervisory Authorities
4. Judicial Remedies Judicial action against the Controller or Processor Courts v. SA; which is better for GDPR enforcement? Judicial action against the Supervisory Authority Controller suing the Data Subject? Suspending the Proceedings
5. Alternate Dispute Resolution Is an ADR arrangement allowed under GDPR? ADR Arrangements Key hurdles of applying ADR to the GDPR Suggestions for implementing ADR mechanisms
6. Forum Selection Clauses
7. Challenging the existing Law

Chapter 8: Remedies
1. Allocating Liability Controller alone liable Processor alone liable Joint & Several liabilities
2. Compensation Quantifying 'Full Compensation' Conflict in the scope of 'Standing' in Court
3. Administrative Fines Fines for Regulatory Infringements Fines for Grave Infringements Determining the quantum of the Fine
4. Processing Injunctions Domestic Law The EU Injunction Directive The SA's Power to Restrain Processing
5. Specific Performance

Chapter 9: Governmental use of Data
1. Member State Legislations
2. Processing in 'Public Interest' What is Public Interest? Public Interest as a 'legal basis' for Processing State use of 'Special' Data Processing relating to Criminal Record Data
3. Public Interest & The Rights of a Data Subject Erasure & Restriction of Data Processing Data Portability Right to Object Right to Explanation
4. Organizational Exemptions & Responsibilities
5. Public Documents & Data The Network & Information Systems Directive Telemedia Data Protection National Identification Numbers
6. Archiving
7. Handling Government Subpoenas
8. Public Interest Restrictions on GDPR
9. Processing & Freedom of Information & Expression Journalism & Expression under the GDPR Combating 'Fake News' in the Modern Age
10. State use of Encrypted Data
11. Employee Data Protection The Opening Clause Employment Agreements The German 'Betriebsrat' The French 'Comite d' enterprise'

Chapter 10: Facebook - A Perennial Abuser of Data Privacy
1. Facebook has propagated online social networking into an unstoppable global phenomenon.
2. Over the last two years Facebook has been disparaged for its data privacy practices.
3. Facebook has consistently been in violation of GDPR standards both in letter and spirit.
4. The charges against Facebook
5. What is Facebook
6. A network within the social network.
7. There is no shortage of "code of conduct" policies at Facebook
8. Facebook indisputably owns social networking and online human interaction.
9. Social networking as a mission
10. Facebook's underlying business model
11. Facebook is the apex of sharing and customizability
12. Bundling of privacy policies
13. On the surface Facebook covers all privacy policy bases
14. On the face of it, Facebook claims some philanthropy as well.
15. Mechanisms for Personal Data Collection
16. Advertising - Facebook's big revenue kahuna
17. And then there is direct marketing
18. Our big (advertiser) brother
19. There is a method to snooping on our clicks
20. What do we control? Or think we do.
21. Even our notifications can produce revenue.
22. Extent of Data Sharing
23. Unlike celebrities, we endorse without compensation
24. Whatever happened to trust
25. And to security of how we live
26. Who is responsible for security of our life data through breaches, or partnerships?
27. And then there were more: Facebook TV, Portal and other Future Projects
28. Who is responsible for content?
29. Why should content be moderated
30. There are Facebook Community Standards
31. Facebook's process for content moderation
32. Prospective Facebook Content Moderation 'Supreme Court'
33. Working with Governmental Regimes
34. "Live" Censorship
35. Disinformation & 'Fake' News
36. Facebook's False News Policy
37. Fixing the "Fake News" problem
38. Conclusion

Chapter 11: Facebook & GDPR
1. The Lead Supervisory Authority
2. Facebook no sprachen Deutsche
3. Where is the beef? Fulfilling the Information Obligation
4. Data processing purpose limitation
5. Legitimate Interests; Commercial 'restraint' needed
6. Privacy by design?
7. Public endorsement of personalized shopping
8. Customizing Data Protection
9. Our rights versus Facebook obligations
10. A Digital Blueprint & A GDPR Loophole
11. Investigations ahead
12. Future Projects

Chapter 12: Creating a GDPR Compliance Department
1. Step 1: Establish a 'Point Person'
2. Step 2: Internal Data Audit
3. Step 3: Budgeting
4. Step 4: Levels of Compliance needed
4.1: Local Legal Standards
4.2: Enhanced Legal Standards for International Data Transfers
4.3: International Legal Standards
4.4: Regulatory Standards
4.5: Contractual Obligations
4.6: Groups of Undertakings
5. Step 5: Sizing up the Compliance Department
6. Step 6: Curating the Department to your needs
6.1: 'In-House' Employees
6.2: External Industry Operators
6.3: Combining the Resources
7. Step 7: Bring Processor Partners into Compliance
8. Step 8: Bring Affiliates into Compliance
9. Step 9: The Security of Processing
10. Step 10: Revamping Confidentiality Procedures
11. Step 11: Record Keeping
12. Step 12: Educate Employees on New Protocols
13. Step 13: Privacy Policies & User Consent
14. Step 14: Get Certified
15. Step 15: Plan for the Worst Case Scenario
16. Conclusion