Book, English, 496 pages, format (W × H): 160 mm x 231 mm, weight: 739 g
ISBN: 978-1-119-59424-6
Publisher: Wiley
The definitive guide for ensuring data privacy and GDPR compliance
Privacy regulation is increasingly rigorous around the world and has become a serious concern for the senior management of companies regardless of industry, size, scope, and geographic area. The General Data Protection Regulation (GDPR) imposes complex, elaborate, and stringent requirements on any organization or individual conducting business in the European Union (EU) and the European Economic Area (EEA), and it also governs the export of personal data outside of the EU and EEA. This recently enacted law allows the imposition of fines of up to 5% of global revenue for privacy and data protection violations. Despite the massive potential for steep fines and regulatory penalties, there is a distressing lack of awareness of the GDPR within the business community. A recent survey conducted in the UK suggests that only 40% of firms are even aware of the new law and of their responsibilities to maintain compliance.
The Data Privacy and GDPR Handbook helps organizations strictly adhere to data privacy laws in the EU, the USA, and jurisdictions around the world. This authoritative and comprehensive guide covers the history and foundation of data privacy, the framework for ensuring data privacy across major global jurisdictions, a detailed framework for complying with the GDPR, and perspectives on the future of data collection and privacy practices.
- Comply with the latest data privacy regulations in the EU, EEA, US, and others
- Avoid hefty fines, damage to your reputation, and losing your customers
- Keep pace with the latest privacy policies, guidelines, and legislation
- Understand the framework necessary to ensure data privacy today and gain insights on future privacy practices
The Data Privacy and GDPR Handbook is an indispensable resource for Chief Data Officers, Chief Technology Officers, legal counsel, C-Level Executives, regulators and legislators, data privacy consultants, compliance officers, and audit managers.
Authors/Editors
Subject areas
- Economics | Business Administration | Corporate Organization, Corporate Responsibility | Business Ethics
- Law | Public Law | Administrative Law | General Information Law, Data Protection Law
- Mathematics | Computer Science | IT | Computer Science | Technical Computer Science | Computer Security | Data Security, Data Protection
- Humanities | Philosophy | Applied Ethics & Social Responsibility | Business Ethics, Corporate Ethics
- Economics | Business Administration | Management | Corporate Leadership
Further information & material
1 Origins and Concepts of Data Privacy 1
1.1 Questions and Challenges of Data Privacy 2
1.2 The Conundrum of Voluntary Information 3
1.3 What is Data Privacy? 5
1.4 Doctrine of Information Privacy 6
1.5 Notice-and-Choice versus Privacy-as-Trust 9
1.6 Notice-and-Choice in the US 9
1.7 Enforcement of Notice-and-Choice Privacy Laws 11
1.8 Privacy-as-Trust: An Alternative Model 13
1.9 Applying Privacy-as-Trust in Practice: The US Federal Trade Commission 14
1.10 Additional Challenges in the Era of Big Data and Social Robots 16
1.11 The General Data Protection Regulation (GDPR) 18
1.12 Chapter Overview 19
2 A Brief History of Data Privacy 23
2.1 Privacy as One's Castle 23
2.2 Extending Beyond the "Castle" 24
2.3 Formation of Privacy Tort Laws 24
2.4 The Roots of Privacy in Europe and the Commonwealth 25
2.5 Privacy Encroachment in the Digital Age 26
2.6 The Gramm-Leach-Bliley Act Tilted the Dynamic against Privacy 28
2.7 Emergence of Economic Value of Individual Data for Digital Businesses 29
2.8 Legislative Initiatives to Protect Individuals' Data Privacy 31
2.9 The EU Path 33
2.10 End of the Wild West? 37
2.11 Data as an Extension of Personal Privacy 37
2.12 Cambridge Analytica: A Step Too Far 39
2.13 The Context of Privacy in Law Enforcement 39
3 GDPR's Scope of Application 45
3.1 When Does GDPR Apply? 45
3.2 The Key Players under GDPR 52
3.3 Territorial Scope of GDPR 54
3.4 Operation of Public International Law 57
4 Technical and Organizational Requirements under GDPR 61
4.1 Accountability 61
4.2 The Data Controller 62
4.3 Technical and Organizational Measures 69
4.4 Duty to Maintain Records of Processing Activities 72
4.5 Data Protection Impact Assessments 73
4.6 The Data Protection Officer 80
4.7 Data Protection by Design and Default 84
4.8 Data Security during Processing 92
4.9 Personal Data Breaches 94
4.10 Codes of Conduct and Certifications 107
4.11 The Data Processor 112
5 Material Requisites for Processing under GDPR 125
5.1 The Central Principles of Processing 125
5.2 Legal Grounds for Data Processing 132
5.3 International Data Transfers 161
5.4 Intragroup Processing Privileges 182
5.5 Cooperation Obligation on EU Bodies 183
5.6 Foreign Law in Conflict with GDPR 184
6 Data Subjects' Rights 193
6.1 The Controller's Duty of Transparency 194
6.2 The Digital Miranda Rights 197
6.3 The Right of Access 201
6.4 Right of Rectification 203
6.5 Right of Erasure 205
6.6 Right to Restriction 214
6.7 Right to Data Portability 216
6.8 Rights Relating to Automated Decision Making 221
6.9 Restrictions on Data Subject Rights 226
7 GDPR Enforcement 233
7.1 In-House Mechanisms 233
7.2 Data Subject Representation 240
7.3 The Supervisory Authorities 241
7.4 Judicial Remedies 253
7.5 Alternate Dispute Resolution 258
7.6 Forum Selection Clauses 265
7.7 Challenging the Existing Law 266
8 Remedies 271
8.1 Allocating Liability 271
8.2 Compensation 273
8.3 Administrative Fines 275
8.4 Processing Injunctions 279
8.5 Specific Performance 283
9 Governmental Use of Data 287
9.1 Member State Legislations 287
9.2 Processing in the "Public Interest" 291
9.3 Public Interest and the Rights of a Data Subject 294
9.4 Organizational Exemptions and Responsibilities 297
9.5 Public Documents and Data 301
9.6 Archiving 304
9.7 Handling Government Subpoenas 305
9.8 Public Interest Restrictions on GDPR 305
9.9 Processing and Freedom of Information and Expression 306
9.10 State Use of Encrypted Data 308
9.11 Employee Data Protection 309
10 Creating a GDPR Compliance Department 319
10.1 Step 1: Establish a "Point Person" 319
10.2 Step 2: Internal Data Audit 321
10.3 Step 3: Budgeting 322
10.4 Step 4: Levels of Compliance Needed 323
10.5 Step 5: Sizing Up the Compliance Department 325
10.6 Step 6: Curating the Department to Your Needs 326
10.7 Step 7: Bring Processor Partners into Compliance 327
10.8 Step 8: Bring Affiliates into Compliance 328
10.9 Step 9: The Security of Processing 328
10.10 Step 10: Revamping Confidentiality Procedures 329
10.11 Step 11: Record Keeping 329
10.12 Step 12: Educate Employees on New Protocols 330
10.13 Step 13: Privacy Policies and User Consent 331
10.14 Step 14: Get Certified 331
10.15 Step 15: Plan for the Worst Case Scenario 331
10.16 Conclusion 332
11 Facebook: A Perennial Abuser of Data Privacy 335
11.1 Social Networking as an Explosive Global Phenomenon 335
11.2 Facebook is Being Disparaged for Its Data Privacy Practices 335
11.3 Facebook Has Consistently Been in Violation of GDPR Standards 336
11.4 The Charges against Facebook 336
11.5 What is Facebook? 337
11.6 A Network within the Social Network 337
11.7 No Shortage of "Code of Conduct" Policies 338
11.8 Indisputable Ownership of Online Human Interaction 339
11.9 Social Networking as a Mission 339
11.10 Underlying Business Model 340
11.11 The Apex of Sharing and Customizability 341
11.12 Bundling of Privacy Policies 341
11.13 Covering All Privacy Policy Bases 342
11.14 Claims of Philanthropy 343
11.15 Mechanisms for Personal Data Collection 344
11.16 Advertising: The Big Revenue Kahuna 346
11.17 And Then There is Direct Marketing 347
11.18 Our Big (Advertiser) Brother 347
11.19 A Method to Snooping on Our Clicks 348
11.20 What Do We Control (or Think We Do)? 349
11.21 Even Our Notifications Can Produce Revenue 352
11.22 Extent of Data Sharing 353
11.23 Unlike Celebrities, We Endorse without Compensation 354
11.24 Whatever Happened to Trust 355
11.25 And to Security of How We Live 355
11.26 Who is Responsible for Security of Our Life Data? 356
11.27 And Then There Were More 359
11.28 Who is Responsible for Content? 359
11.29 Why Should Content Be Moderated? 360
11.30 There are Community Standards 361
11.31 Process for Content Moderation 369
11.32 Prospective Content Moderation "Supreme Court" 370
11.33 Working with Governmental Regimes 370
11.34 "Live" Censorship 371
11.35 Disinformation and "Fake" News 372
11.36 Conclusion 380
12 Facebook and GDPR 393
12.1 The Lead Supervisory Authority 393
12.2 Facebook nicht spricht Deutsch 393
12.3 Where is the Beef? Fulfilling the Information Obligation 394
12.4 Data Processing Purpose Limitation 395
12.5 Legitimate Interests Commercial "Restraint" Needed 396
12.6 Privacy by Design? 398
12.7 Public Endorsement of Personalized Shopping 398
12.8 Customizing Data Protection 399
12.9 User Rights versus Facebook's Obligations 400
12.10 A Digital Blueprint and a GDPR Loophole 401
12.11 Investigations Ahead 402
12.12 Future Projects 403
13 The Future of Data Privacy 407
13.1 Our Second Brain 407
13.2 Utopian or Dystopian? 409
13.3 Digital Empowerment: Leveling the Playing Field 410
Notes 412
Appendix: Compendium of Data Breaches 413
About the Authors 467
Index 469