
GDPR or Bust?

Introduction

In this post, I’m going to slowly build up a head of steam in preparation for a journey heading in one of many possible directions towards ‘General Data Protection Regulation’ (GDPR) compliance. Before moving slowly forward, I review the point at which this journey begins for many Irish small to medium businesses, micro firms and non-profit/volunteer organisations who should be scheduling their arrival before the 25th May 2018 deadline.

Getting On The Right Track

En route we’ll stop off to sample some of the GDPR preparation guides already available and the other online information to help speed the journey through the unfamiliar territories and safely over those steep valley gorges. Before journey’s end, there may be steep inclines, dangerous bends, troubled waters to be bridged and mountains to be avoided. Some of our journeymen and women may be left standing on the platform unsure as to when to buy a ticket to board the GDPR express. Other ticket holders may be still battling with themselves as to if and when it is best to climb aboard.

Jumping aboard myself, I find some passengers asleep, safe in the knowledge that their time spent on pre-travel checks allows them to sleep soundly, confident that they’re on the right track, heading in the right direction, at maximum speed towards GDPR compliance. But for some of my fellow travellers, there may still be trouble ahead as dreams can turn to nightmares and that nagging feeling you get that you may have left something or someone behind. If so, that feeling may be supported by existing statistics which suggest a possible rude awakening around the bend awaits many small Irish businesses and non-profit organisations.

A GDPR Rude Awakening

Looking around the carriages, I noted a large number of empty seats. Statistics from a survey reported in May 2017 suggest that the GDPR Express train was running on time but far short of its expected ticket sales and seating capacity as “just 14% have begun getting ready” to make the GDPR journey. As many as 86% possibly remain behind waving us a fond farewell from the platform. The statistics appear to suggest these small to medium enterprises and micro firms are left behind because for them, GDPR may not apply and they may lack the fullest understanding of the strategy, requirements or obligations needed at the end of the line.

With only 4 months to go and for such a journey ahead, many could fail to hear the final whistle, catch a later train or even miss the last train. In a globalised online world of outsourcing, cloud computing and remote hosting, sometimes those we very much rely upon as service providers, vendors and suppliers need to join us on our journey as our nearest and dearest travel companions but have been left behind as we speed away towards “GDPR or Bust!”.

GDPR or Bust may seem overly dramatic but right or wrong, in preparation for GDPR, I will outline some helpful resources, statistics and further reading I’ve encountered during my research journey. En route, I stop off to borrow from my earlier post on ‘Breaking Brexit’ to begin outlining a possible project approach to forming, preparing and implementing GDPR preparation strategies. If you’re not sure what GDPR is, and statistics may be suggesting you’re not alone, the Data Commissioner (Ireland) has an excellent website with reading materials, resources and a ’12 step guide’ to help get you started on the right track and heading in the right direction departing from here: GDPRAndYou.ie

Packing For GDPR

Let’s Get Packed!

Before buying your ticket for the GDPR Express and choosing your destination, direction, track and fellow travellers, here are some of the many snapshots I took en route that may help to ease the journey ahead of you. But before you step aboard and the train gets underway there are a few little travel essentials we need to first get organised. Again, like my previous posts we need to stop off for a reality check and to say I hope you will find this post a bit different, proactive and informative rather than the usual dry scary self-promotion … there’s a lot of it about!

As a project manager, I do not promote myself as a GDPR or legal expert, specialist or consultant but do frequently get asked to help in formulating strategies and lead projects to implement the strategies required to get the job DONE! The idea at the heart of this post’s objective is to get people thinking, talking and hopefully doing something positive ahead of the GDPR deadline. While there may be lots of sources referenced or cited in this post, this post is not intended to promote or endorse any particular thinking, source, view, option, opinion, action or approach and the reader is requested to keep an open mind when reading this post, referencing the linked sources or materials and the information presented.

To allow this post to continue to add reader value now and into the future, the post is a living post being changed, corrected, updated and amended over an extended time as new information and sources are considered to be worthy of readers’ further consideration. If you have something you feel is related and worthy of consideration and sharing, please add your comments below. In short, every project, approach and journey will be different. The reader should fully consider the unique context of their project’s requirements, scope, budget, obligations, risks, quality requirements and constraints.

Readers are strongly recommended to seek professional and expert specialist advice and guidance when required.

 

A World Of GDPR Flashing By

Watch The GDPR World Fly By

As we set out on our journey there are lots and lots of small stopping points to review interesting information en route. Each little station has its own insights into the world of GDPR. Looking out the window we merely get a brief flash. If you want a closer look, pull the cord (click on the link), stop the train and step off to sample more of what’s on offer; otherwise, sit back, enjoy the ride and watch the GDPR world fly by. Before we get ahead of ourselves, our journey begins slow and steady. Let’s begin at the GDPR beginning.

 

“The General Data Protection Regulation (GDPR) is a new piece of data protection regulation which will become law across the EU in May 2018. It will replace all current data protection regulations.”

( www.independent.ie )

 

“The General Data Protection Regulation (GDPR) very significantly increases the obligations and responsibilities for organisations and businesses in how they collect, use and protect personal data. At the centre of the new law is the requirement for organisations and businesses to be fully transparent about how they are using and safeguarding personal data, and to be able to demonstrate accountability for their data processing activities.”

( www.GDPRAndYou.ie )

 

So, if you’re interested in stopping off for a more detailed look at how the new GDPR differs from the existing ‘Data Protection Act’, pull the cord now by clicking on the following link and spend a little time taking a closer look at the key changes.

 

GDPR Origins

As the deadline of 25th May 2018 fast approaches, statistics suggest confusion remains for many Irish small businesses around formulating General Data Protection Regulation preparation strategies, implementation plans and compliance activities. This possible confusion may cross profit and non-profit boundaries in organisations of all sizes from micro to global enterprises. Small and micro firms could be more susceptible than most. Such statistics go as far as to suggest for some it could be a choice between … GDPR or bust!

GDPR is not new! … To better understand a future with GDPR we need to reflect and backtrack on its origins to before 2014! You can read more about ‘The History of the General Data Protection Regulation’ by the European Data Protection Supervisor. In ‘GDPR: The Story So Far’, PwC take a more detailed overview of the more recent history of GDPR.

 

Hype, Hysteria and Hyperbole

When we need expert help, we often turn to those we believe to be experts for advice and guidance. My research turned up this insightful and interesting summary posted by Martin Rowland on LinkedIn. Martin samples some of the “Resellers spar in GDPR debate” discussions between resellers and ‘Managed Service Providers’ (MSPs). MSPs are often those information technology (IT) service providers that manage and assume responsibility for providing a defined set of services that clients could look to for such guidance. The summary thoughts of individual speakers on GDPR, “Keep calm and carry on”, “It’s not going away”, “Just follow good practice” and “Just get on with it”, didn’t really inspire my confidence that the existing Hype, Hysteria and Hyperbole around GDPR is going to go away any time soon.

 

The Biggest Challenge

If you’re big into the technical end (data security in cloud computing, secure backups, Internet of Things (IoT) in managed service systems) in a future with GDPR, I found the ‘GDPR in the Channel’ round table discussion revealing and well worth a watch. On the question of market conditions for MSPs in a world ahead of the GDPR deadline, one panellist, Dave Sobel of SolarWinds MSP, commented that “… its (GDPR) the hottest topic … there is obviously a lot of uncertainty in the market here right now, particularly when you look at compliance and regulation and that’s the number 1 area”. Another round table panellist, Scot Dodds of Ultima Business Solutions, goes on to suggest “… there’s real risk, real risk to businesses, there’s 4% of global revenues as a fine, these are serious implications and how that’s managed when it comes to it (the deadline) on May 18 (2018) who knows, we talk about … how probably your biggest challenge is your competitors or customers blowing the whistle on you rather than anything else …”.

Reflecting on the debate and the round table, there appeared to me to be a growing consensus between the panellists that the biggest challenge was “GDPR is 95 per cent a legal issue”, which suggested the legal eagles would be the first required to pick over the bones of GDPR.

 

Legal Eagles Get Their Claws Into GDPR

Low Flying Legal Eagles

I would need to call a legal eagle and, albeit as an unscientific crude experiment, ask a simple question. I decided to call a small-town, down-to-earth local solicitor whom I deeply and professionally respect. So what did I say to this low flying legal eagle? … ‘I am looking for some legal advice on GDPR … is this something you can help me with? Or is there another legal firm you recommend that specialises in GDPR?’. As I expected, the reply was swift and direct and, to be honest, much as I had suspected.

While ‘What does GDPR stand for?’ would be what I expected to hear, I can’t even say I was surprised by the down-to-earth home truths shared with me next. The recommendation I would summarise as ‘You’ll most likely need to call one of the big Dublin based legal firms’. OK, no real surprise there then, until he drove his point home with the precision and accuracy of his eagle eye focused on the reality that was for him blindingly obvious and simple. Many small businesses, never mind those humble little micro-firms, most often cannot afford to call down a flock of high flying Dublin based legal eagles to help formulate and implement a GDPR strategy, let alone pay to get the job done right this side of the deadline.

 

Measuring GDPR ready-ness?

Never happy with unsolved problems or unanswered questions, my question was … how to measure if the solicitor’s point had any factual basis? So I went in search of what others had to say on the subject. Here’s what I found …

 

“The GDPR expands the territorial scope of EU data protection law, meaning a greater number of organisations will now be subject to it.”

( Mason Hayes & Curran )

 

“Two thirds of Irish businesses are unaware of their obligations under the impending “game-changing” general data protection regulation (GDPR) which comes into law next May, a report has found.”

(IrishExaminer.com)

 

“The GDPR will become law in May 2018 and will be the biggest change in data protection rules to occur in Ireland.”

“The new data protection laws in the General Data Protection Regulation (GDPR) are applicable to organisations of all sizes, including Small & Medium Enterprises (SMEs), but many small businesses have not begun preparing for this comprehensive piece of legislation.”

( Independent.ie )

Digging a little deeper I then turned up the following …

“Only 16% have already mobilised a project to meet the compliance requirements;”

( Mazars.ie )

 

One could draw the interpretation that flipping this 16% statistic could also suggest that as many as 84% have not yet mobilised a project to meet the GDPR compliance requirements.

 

“(23%) of Irish organisations would be forced to close if they were found to be liable to fines under impending General Data Protection Regulation (GDPR) legislation.”

( BusinessWorld.ie )

 

Avoiding Going Off The GDPR Rails

What’s possibly coming down the line?

In summary, as a worst case … what could possibly be coming down the line? … Armed with little more than a suspicion supported by statistics and media reports turned up by my research, it’s easy for me to conclude that there may be a risk to a large number of small businesses and not-for-profit organisations. Such organisations perhaps historically may have been asleep at the ‘Data Protection’ controls and now are awaking to a runaway train demanding they quickly regain control and avoid a train wreck by jumping rails in order to get back on track in a more GDPR compliant direction. Others may be gambling that down the tracks, a band of competing desperados are not lying in wait, ready to blow the tracks and derail those late departures. Even a few of those last trains could have gambled on an ill-fated “wait-and-see” strategy intending under the cover of darkness to sneak into ‘Compliance’ town sometime after the deadline in hope of passing unnoticed by the local sheriff. Regardless of my suspicions, statistics or well informed insights … if you have not taken the journey and arrived safe and sound, perhaps it’s time to get on board. If you’re not exempt and not yet GDPR ready, perhaps the first steps to be taken are to Prepare for GDPR.

 

 

Prepare for GDPR

www.GDPRAndYou.ie is a first stop for many of those hoping to lay down tracks heading in the right direction as their first steps toward becoming GDPR ready. The Irish Data Commissioner has compiled a summary of its own simple 12 step infographic which can give you a good insight into the major milestones you’ll need to visit en route.

GDPR 12 Steps

Data Commissioner (Ireland) – 12 Step Infographic

 

The Data Protection Commissioner (Ireland) published a more detailed deeper dive into the above 12 step infographic entitled ‘The GDPR and You – Preparing for 2018’

IBEC have created two helpful guides on the GDPR including one which offers guidance for Irish employers.

John Kennedy writes for SiliconRepublic.com that ‘GDPR is a year away: 7 things you need to know to take action’.

 

“In a recent report, Managing Insider Risk through Training & Culture, data protection and privacy training professionals stated that their employees are their weakest link when it comes to information security. The Data Commissioner advises it is good practice to provide all staff data protection training on or shortly after starting employment and regular updates throughout their employment.”

( Legal-Island.ie )

 

“One final piece of advice: Don’t ignore it. Don’t bury your head in the sand and hope that it will go away, because it won’t. Find out today where it really impacts your organisation and build a tangible roadmap for addressing it.”

(George Parapadakis)

 

I found a 10-part collection of articles, complete with side bar ‘Recitals’, entitled ‘Top 10 operational impacts of the GDPR’ by the International Association of Privacy Professionals. It takes a deeper dive than most 3rd party articles and makes for good reading when formulating a GDPR preparation strategy.

 

There are lots and lots and lots of articles about how to make good on your GDPR preparations … too many to mention. Needless to say, researching around the topic as I have, I am left with more questions, black holes, grey areas and gaps than when I started, but that’s all part of the ongoing learning process with GDPR, for example …

 

GDPR Gaps, Grey Areas, Black Holes & Pitfalls

GDPR is not without its own gaps, grey areas, black holes and pitfalls as you may find if you start asking questions such as …

  • How is ‘Large amounts of personal data’ defined and measured?
  • How to scope ‘economic’ investments and interests relating to ‘Personally Identifiable Data’?
  • How to bring 3rd Party service providers/data processors and joint data controllers into GDPR compliance? (the GDPR ‘Personal Data’ supply chain)
  • What about the ‘Electoral Roll’ and Oireachtas members’ obligations under the GDPR?
  • Achieving GDPR compliance in the globalised world of the Internet of Everything?
  • What does Brexit mean in an EU of GDPR?
  • The role of legacy systems in a future with GDPR requirements and obligations?
  • How to validate and demonstrate GDPR compliance?
  • How is the ‘Data Protection Officer’s’ knowledge and expertise defined, measured and validated?
  • How is ‘Personal Data’ “sensitivity” defined and measured?
  • How is “proportionate” defined and measured under GDPR?
  • How is “high risk” defined and measured?
  • Will there really be no lead GDPR supervisory authority in the UK when the UK finally Brexits?
  • How is “High volume” defined and measured?
  • How is the “Appropriate technical or organisational measures are to be taken in order to comply” being defined and measured once taken?
  • How is “Occasional” defined and measured?

… and the list just keeps on growing  …

 

When struggling with such questions, it can help to take ‘A Closer Look At Definitions’.

 

 

Example Approach:

The ‘Simple Project Implementation’ (SPI) Approach

 

GDPR Approaches

Approaching GDPR preparations is similar to the possible approaches to ‘Breaking Brexit’: it can be simple but intimidating in scale to the point that some may lose focus on the bigger picture. Just like eating an elephant, the best way to approach this mammoth task is to eat the elephant one small bite at a time.

A common first step to most implementation projects, regardless of type, is to first clearly define the problem and the objective and then communicate these widely to all key stakeholders, seeking their feedback and agreement. Sometimes in small organisations, businesses and firms a simple approach can gain the greatest traction and avoid spinning those wheels in the muddy details. On its own, sight of the Shewhart (aka Deming) cycle helps to visualise a simpler problem-solving approach to strategise those more complex problems. Blending and tailoring this simple approach we can create an agile approach more natural to small enterprises in the hope of ‘Making Projects Simple’ as follows:

Example of “Making Projects Simple”

 

The Problem With GDPR

Approaching GDPR preparations can be similar to the ‘Breaking Brexit’ approach: it can be simple but intimidating in scale to the point that some may lose focus on the bigger picture. Just like eating an elephant, the best way to approach it is one bite at a time. A common first step to defining the problem with GDPR is to begin by defining a ‘Problem Statement’. A good problem statement clearly defines the problem to be addressed, communicates it to all key stakeholders and invites their shared understanding, feedback, buy-in and commitment if a more widespread agreement is required.

 

Example Problem Statement

 

 

Assuming all the feedback is in, and the problem is clear and agreed, a further step may be to create an overall SMART objective for the overarching project, for example:

“Go-Live! with GDPR validated processes, policies, practices and procedures on or before the 19th of March 2018.”

 

Example SMART Objectives

Both the ‘Problem Statement’ and the ‘SMART Objective’ could now come together and form the starting point for the ‘Project Charter’. The ‘Project Charter’ acts as the contract of agreement between the key stakeholders, sponsors, promoters and the project team. It is a living document which spans the life of the project and as a single A4 document can become the parent of a series of smaller prioritised bite-size projects.

 

Example ‘Project Charter’

 

For each project, we can add a helpful visual that summarises the project milestones and deliverables using a ‘Project Timeline’. The ‘Project Timeline’ can be further broken down into more and more detailed ‘Project Timelines’ for those smaller bite-size projects as children of the overall parent project I mentioned above.

 

Example ‘GDPR Project Timeline’

 

You may have noticed in the example ‘Project Timeline’ a number of overall high level milestones are shown with possible dates for completion. Each milestone often signals the end of a significant phase of the project and a stage gate for management to check in on progress and approach before the next body of work (or bite of the elephant) is approved. This is important to keep in mind because usually the bulk of the detailed planning work in such projects is completed early and the bulk of the resource heavy execution is completed in the later phases of a project. So let’s roll back to the early phases before slowly rebuilding our speed.

 

In ‘Breaking Brexit’ there was a helpful preparing for Brexit Scorecard self assessment. When assessing ‘Data Protection Act’ ready-ness for the first time, the Data Commissioner (Ireland) has a helpful ‘CheckList’ in the form of a series of questions. Again, the Data Commissioner (Ireland) has also published its ‘Check List’ but now for the GDPR as part of The GDPR and You – General Data Protection Regulation – Preparing for 2018. Because the UK and Ireland share a lot in common, I found that the ‘Getting ready for GDPR’ high level assessment, which is freely available online from the UK’s ‘Information Commissioner’s Office’, is a simple early warning system of self-assessment utilising a similar approach to that of the ‘Brexit Scorecard’. If you find this approach helpful, it may be worth your time also taking a look at the full ‘Data Protection Self Assessment Toolkit’. If you want to dig a bit deeper into many of the GDPR definitions, the Isle of Man Information Commissioner has published a helpful PDF that takes ‘A Closer Look At Definitions’.

 

More project activities you could also consider when formulating your GDPR preparation strategy:

  • Further in-depth Research
  • Training for staff and any appointed ‘Data Protection Officer’ (DPO)
  • Self Assessment of current and ongoing GDPR readiness and progress towards compliance
  • Process Mapping of all the existing personal data processes
  • Gap Analysis between the GDPR ‘As-Is’ readiness and the GDPR ‘To-Be’ readiness
  • GDPR Preparation Strategy (What needs to be ‘Done’)
  • Implementation Plan (‘Who’, ‘How’ and ‘When’ of getting the job ‘Done’)
  • Validation Processes, Change Management and Sign Off to manage the change required, ensuring its ‘Done’ right
  • Seek guidance from Subject Matter Experts (Technical, Administrative or Legal) as required
  • Secure external communications in relation to ‘Trade Secrets’ and ‘Sensitive Information’ utilising ‘Non-Disclosure Agreements’

 

GDPR or Bust!

There are exceptions for organisations under GDPR. By and large, GDPR applies to more organisations than previously was applied by the ‘Data Protection Act’. There is a risk that those who did not previously register as ‘Data Controllers’ or ‘Data Processors’ will on the 25th May 2018 be deemed to be ‘Data Controllers’ or ‘Data Processors’ and obligated to comply as such. Regardless of reason, not applying GDPR when GDPR needs to be applied could signal a runaway train heading at full steam towards a real disaster.

 

The Irish Pedigree Livestock Industry

As a 20 year technical veteran of the Irish agri pedigree cattle and sheep livestock industry I have a number of concerns about small and micro organisations asleep at the wheel and oblivious to the pending train wreck if they fail to hear the GDPR express train coming the other way. This could be an even greater risk if 3rd party service providers as ‘Data Processors’ expose or compound any existing GDPR gaps in the organisation’s processes, practices, policies, procedures and legacy systems.

Compounding this risk could be the GDPR ‘Opt. In Consent’ requirement where existing consent was gained previously and is no longer valid. Outdated rule sets, terms and conditions, contracts and agreements which pre-date GDPR and remain without comprehensive revision also could be a risk and signal danger ahead.

It’s not difficult to imagine that some small to micro ‘Not-for-profit’ agri industry organisations could be included in those possible 84% who have not begun to implement a ‘General Data Protection Regulation’ preparation strategy as suggested by statistical data gathered back in April of this year.

In the case of GDPR, a failure to plan could signal the end of the track for some small organisations.

So hopefully this article can help to inspire those with a need to get on board and take the GDPR express train journey towards GDPR compliance and so avoid the gamble of GDPR or Bust!

Charting The GDPR Course Ahead

Example GDPR Project Activities

Beyond project preparation & strategy our express train pulls safely into the harbour. Together we stand dock side and marvel at the size and scale of the GDPR cruise ship boarding for departure. With one weather eye watching for stormy seas ahead, we stand firm on sturdy sea legs as waves of requirements begin crashing around us. It’s now or never, implementation is the next step in our GDPR compliance journey. GDPR express passengers now board the GDPR cruise ship, despite potential choppy seas ahead. Sink or swim, we begin by charting the journey ahead in the hope we’re on course, ship shape and heading in the right direction towards GDPR compliance.

 

All aboard!!! …

 

Further Related Posts Include:

An Ocean of GDPR Data Streams

 

Resource References:

  1. Coming Soon! Simple Project Implementation (SPI)
  2. Data Protection Commissioner (Ireland) – General Data Protection Regulation
  3. My Breaking Brexit post
  4. www.Independent.ie – GDPR What, Why, Where & When
  5. Data Protection Commissioner (Ireland) – www.GDPRAndYou.ie
  6. Data Protection Commissioner (Ireland) – Self Assessment Data Protection Checklist
  7. European General Data Protection Regulation Portal – EU GDPR Key Changes
  8. The European Data Protection Supervisor – ‘The History of the General Data Protection Regulation’
  9. PwC – ‘GDPR – The Story So Far’
  10. Martin Rowland – Resellers spar in GDPR debate – Highlights
  11. CRN ChannelWeb.co.uk – Resellers spar in GDPR debate
  12. CRN ChannelWeb.co.uk – GDPR in the Channel
  13. www.GDPRAndYou.ie – GDPR 12 Step To Being Prepared
  14. www.GDPRAndYou.ie – Awareness Of, and Preparation for, the General Data Protection Regulation, in SMEs
  15. www.GDPRAndYou.ie – DPC Press Release – 365 to GDPR
  16. www.GDPRAndYou.ie – A Guide To Help SMs Prepare for GDPR
  17. IrishExaminer.com – Warning issued on upcoming General Data Protection Regulation
  18. Mazars Ireland – General Data Protection Regulation Survey Finding
  19. George Parapadakis – #Fake-GDPR and #GDPR-mongering – Let’s keep it real!
  20. www.IrishTimes.com – TDs fear new data protection rules will hamper constituency work
  21. EmploymentRightsIreland.com – The General Data Protection Regulation (GDPR) in Ireland-the Essentials
  22. IBEC – IBEC Guides on the General Data Protection Regulation (GDPR)
  23. BusinessWorld.ie – 23% of Irish companies would be forced to cease trading if found liable to GDPR fines
  24. Independent.ie – SMEs and GDPR…Benefits, exemptions and why Irish businesses need to prepare
  25. Mason Hayes & Curran – New ‘Getting Ready for the GDPR’ Guide
  26. Legal-Island.ie – Data Protection in the Republic of Ireland Workplace
  27. SiliconRepublic.com – GDPR is a year away: 7 things you need to know to take action
  28. SiliconRepublic.com – Majority of organisations expect a GDPR audit in the next 18 months
  29. Data Protection Commissioner (Ireland) – The GDPR and You – General Data Protection Regulation – Preparing for 2018
  30. Data Protection Commissioner (Ireland) – Irish DPA Helen Dixon on her priorities for enforcement on May 26, 2018
  31. Cisco – Introduction to GDPR (from a Brexit Perspective)
  32. KuppingerCole – Is Your Software GDPR-Compliant? Is That the Right Question?
  33. International Association of Privacy Professionals – ‘Top 10 operational impacts of the GDPR’
  34. Information Commissioners Office (UK) – ‘Data Protection Self Assessment Toolkit’
  35. Information Commissioners Office (UK) – Preparing for the GDPR – 12 Steps to take now
  36. Information Commissioners Office (UK) – Getting Ready for the GDPR – Checklist
  37. Information Commissioners Office (UK) – Subject Access Code of Practice (SARs Requests)
  38. European Commission – Data Protection – Better Rules For Small Business
  39. European Commission – Code of Conduct on privacy for mHealth apps has been finalised
  40. Information Commissioner (Isle of Man) – ‘A Closer Look At Definitions’
  41. Information Commissioner (Isle of Man) – The General Data Protection Regulation
  42. Information Commissioner (Isle of Man) – Getting Ready For GDPR – Part 1
  43. Information Commissioner (Isle of Man) – Getting Ready For GDPR – Part 2
  44. Fieldfisher Law Firm – The ambiguity of unambiguous consent under the GDPR
  45. Official Journal of the European Union – Regulation (EU) 2016/679
  46. European Commission – Factsheet on the “Right to be Forgotten”
  47. European Commission – Code of Conduct on privacy for mHealth apps has been finalised (a good non-technical practical contextual read)
  48. Version1.com – GDPR – Key Impacts and Architectural Implications: What you Need to Know
  49. SecureDataService – EU General Data Protection Regulation (EU-GDPR) – Table of contents
  50. Commission Nationale de l’Informatique et des Libertés – Data Protection Around The World
  51. DLA Piper – EU General Data Protection Regulation – Actions To Take (A Snapshot Assessment)
  52. The Association of Data Protection Officers – Will Brexit complicate GDPR?
  53. ThinkBusiness.ie – A GDPR Guide For Start-ups and Small Business
  54. Computing.co.uk – GDPR: Organisations ignoring paper-based risks (Free registration required)
  55. Computing.co.uk – GDPR: The Death Of Telemarketing? (Free registration required)
  56. National Cyber Security Centre (UK) – Cyber Security: Small Business Guide
  57. European Data Protection Supervisor – Implementation of Data Protection by Design and by Default
  58. Automattic / WordPress.com – Automattic and the General Data Protection Regulation (GDPR)
  59. National Cyber Security Centre (UK) – Cyber Security For Your Organisation Starts Here
  60. Intersoft Consulting Services AG – Processing of ‘Special Categories’ of ‘Personal Data’
  61. A series of LinkedIn Articles and Comments relating to GDPR by Phil Lee
  62. Charity Finance Group (UK) – General Data Protection Regulation – A Guide For Charities

 

TO BE CONTINUED! …
