What is the GDPR?

We at GDPRsimple put together a series of posts on what the GDPR is. Please keep coming back to this page to see new posts and updates to old posts as information becomes available.

What’s with all that jargon in the GDPR?

What types of individual rights are there under the GDPR?

The right of information – What types of privacy notices are there?

The right of information – What information should be in an “individual” privacy notice?

The right of information – What information should be in a “third-party” privacy notice?

The right of information – What information should be in a “website” privacy notice?

The right of access – What is it?

The right to rectification – What is rectification?

The right of erasure – What does it mean to get “erased”?

The right of restriction – What is the right to restrict processing?

The right to data portability – What is this right and data portability?

The right to object – What is this right and how does it work?

The right not to be subject to automated processing – What does this mean?

How does the GDPR change individual rights?

How do I keep all these rights straight? Are there any commonalities between all these rights?

How to break the GDPR into bite-sized pieces

What is a “legal basis to process personal data”?

How to get consent from individuals to process their data?

What does it mean for an organization to have a legitimate interest to process personal data?

How to conduct a legitimate interest assessment

What does it mean to use contract as a legal ground for processing personal data?

Do you use a processor to process or are you a processor who processes personal data?

What kind of agreements do you need if you are a processor or use a subprocessor?

What needs to be in the agreement between the controller and the processor?

What is a data breach under the GDPR and what do you do when one happens?

What needs to be in a GDPR personal data breach notification?

Why you should have a Personal Data Breach Policy and what should be in it?

How is security of processing assessed?

Why you should have a Data Protection Policy and a Data Retention and Erasure Policy and what should be in them?

When is a data protection impact assessment required and how is it conducted?

What consultations should occur prior to high-risk processing?

Records of Processing Activities
