What is involved in GDPR
Find out what the related areas are that GDPR connects with, associates with, correlates with or affects, and which require thought, deliberation, analysis, review and discussion. This unique checklist stands out in a sense that it is not per-se designed to give answers, but to engage the reader and lay out a GDPR thinking-frame.
How far is your company on its GDPR journey?
Take this short survey to gauge your organization’s progress toward GDPR leadership. Learn your strongest and weakest areas, and what you can do now to create a strategy that delivers results.
To address the criteria in this checklist for your organization, extensive selected resources are provided for sources of further research and information.
Start the Checklist
Below you will find a quick checklist designed to help you think about which GDPR related domains to cover and 203 essential critical questions to check off in that domain.
The following domains are covered:
GDPR, Medical privacy, Data protection, Privacy by Design, Data Protection Commissioner, European Union Agency for Network and Information Security, Article 29 Working Party, Data portability, Information Commissioner’s Office, European Parliament, Electronic Frontier Foundation, General Data Protection Regulation, Right to privacy in New Zealand, Mass surveillance, Google Spain v AEPD and Mario Costeja González, Data Protection Act, 2012, Directive 95/46/EC, Global Network Initiative, NIS Directive, EPrivacy Regulation, Government gazette, Center for Democracy and Technology, Privacy in Australian law, Human rights, Baker & McKenzie, Data Protection Directive, Privacy Rights Clearinghouse, Privacy concerns with social networking services, Right to explanation, Privacy law, Commission nationale de l’informatique et des libertés, National Privacy Commission, GDPR, Privacy law in Denmark, Identity theft, Federal Data Protection and Information Commissioner, American Civil Liberties Union, Article 29 Data Protection Working Party, Spanish Data Protection Agency, Cellphone surveillance, EU-US Privacy Shield, Personal information management, Federal Commissioner for Data Protection and Freedom of Information, European Commission, National data protection authorities, Privacy International, European Commission Data Protection Officer, Political privacy, Financial privacy, Office of the Australian Information Commissioner, Internet privacy, European Parliament Committee on Civil Liberties, Justice and Home Affairs, Future of Privacy Forum, European Data Protection Supervisor, National data protection authority, Surveillance state, Computer Professionals for Social Responsibility, Expectation of privacy, Personal identifier, Federal Act on Data Protection, Danish Data Protection Agency, Data breach, Privacy-enhancing technologies, Swedish Data Protection Authority, Council of the European Union, European Union, European Council, Information privacy law, International business, Social Science Research Network:
GDPR Critical Criteria:
Infer GDPR leadership and gather GDPR models .
– Can a customer prevent us from collecting his/her personal data? For example by saying he/she does not want his/her phone number or IP address to be stored by us?
– Is it mandatory to transfer all physical documents in digital format? If I have a physical contract for example; do I a have to put it in digital format?
– How do your measurements capture actionable GDPR information for use in exceeding your customers expectations and securing your customers engagement?
– Would you be able to notify a data protection supervisory authority of a data breach within 72 hours?
– What about personal data I want to transfer outside the EU or to international organizations?
– What happens when personal data is breached under the GDPR?
– How can I demonstrate I am complying with the Regulation?
– Does the GDPR make extra provisions for children?
– What kind of information does the GDPR apply to?
– What do you need to do to prepare for the GDPR?
– Do I have to get consent from an individual?
– WHAT DOES ACCOUNTABILITY MEAN IN PRACTICE?
– Do you know where your data is today?
– Are you transferring data overseas?
– What does the reform do for SMEs?
– Is this true for all companies?
– When will it come into force?
– Consent Mission Impossible?
– Is the breach a risk?
– Are you ready?
Medical privacy Critical Criteria:
Add value to Medical privacy outcomes and revise understanding of Medical privacy architectures.
– What are the record-keeping requirements of GDPR activities?
– What are the short and long-term GDPR goals?
– What are the long-term GDPR goals?
Data protection Critical Criteria:
Understand Data protection management and report on developing an effective Data protection strategy.
– Privacy should not be an afterthought; a bolt-on sometime between the initial coding and delivery of a new system. It should be designed in from the start; peer-reviewed; tested and the data controller needs to be able to show that adequate security is in place; it is monitored; and that the strictest data protection policies will apply by default. If you design your own custom apps; are these the standards you work to? When deploying purchased systems; is privacy set at its tightest by default?
– You do not want to be informed of a data loss incident from the users themselves or from the data protection authority. Do you have technology that can detect breaches that have taken place; forensics available to investigate how the data was lost (or changed); and can you go back in time with full user logs and identify the incident to understand its scope and impact?
– Traditional data protection principles include fair and lawful data processing; data collection for specified, explicit, and legitimate purposes; accurate and kept up-to-date data; data retention for no longer than necessary. Are additional principles and requirements necessary for IoT applications?
– We keep record of data and store them in cloud services; for example Google Suite. There are data protection tools provided and security rules can be set. But who has the responsibility for securing them – us or Google?
– Do you see the need to support the development and implementation of technical solutions that are enhancing data protection by design and by default?
– Do you design data protection and privacy requirements into the development of your business processes and new systems?
– What are the data protection mechanisms to protect data from unauthorized external access?
– Do I have to do a Data Protection Impact Assessment under the GDPR?
– Can I dismiss someone once they become my data protection officer?
– Does my business need to appoint a Data Protection Officer (DPO)?
– What is the role of a Data Protection Officer under the GDPR?
– What qualifications does the data protection officer need?
– What will the data protection reform do for citizens?
– Do we have Data Protection Service Level Agreements?
– When must you appoint a data protection officer?
– Who will provide the final approval of GDPR deliverables?
– Why is GDPR important for you now?
– What is Data Protection?
Privacy by Design Critical Criteria:
Transcribe Privacy by Design governance and know what your objective is.
– Do you follow privacy by design and privacy by default principles when designing new systems?
– Who will be responsible for deciding whether GDPR goes ahead or not after the initial investigations?
– How is the value delivered by GDPR being measured?
– What is Privacy by Design?
Data Protection Commissioner Critical Criteria:
Grade Data Protection Commissioner adoptions and stake your claim.
– Can we add value to the current GDPR decision-making process (largely qualitative) by incorporating uncertainty modeling (more quantitative)?
– What tools and technologies are needed for a custom GDPR project?
European Union Agency for Network and Information Security Critical Criteria:
Revitalize European Union Agency for Network and Information Security strategies and inform on and uncover unspoken needs and breakthrough European Union Agency for Network and Information Security results.
– In the case of a GDPR project, the criteria for the audit derive from implementation objectives. an audit of a GDPR project involves assessing whether the recommendations outlined for implementation have been met. in other words, can we track that any GDPR project is implemented as planned, and is it working?
– What are your results for key measures or indicators of the accomplishment of your GDPR strategy and action plans, including building and strengthening core competencies?
– How can the value of GDPR be defined?
Article 29 Working Party Critical Criteria:
Pay attention to Article 29 Working Party failures and oversee Article 29 Working Party requirements.
– Does GDPR analysis isolate the fundamental causes of problems?
– Will GDPR deliverables need to be tested and, if so, by whom?
Data portability Critical Criteria:
Give examples of Data portability tasks and finalize specific methods for Data portability acceptance.
– Do you know how you will comply with the new rights: the right to be rorgotten, the right to data portability and the right to object to profiling?
– The right to data portability is complimentary – is a bank obliged to provide me with information free of charge?
– Is the GDPR organization completing tasks effectively and efficiently?
– How will you know that the GDPR project has been successful?
– How to deal with GDPR Changes?
Information Commissioner’s Office Critical Criteria:
Transcribe Information Commissioner’s Office strategies and shift your focus.
– Will new equipment/products be required to facilitate GDPR delivery for example is new software needed?
– How to Secure GDPR?
European Parliament Critical Criteria:
Audit European Parliament visions and customize techniques for implementing European Parliament controls.
Electronic Frontier Foundation Critical Criteria:
Unify Electronic Frontier Foundation adoptions and define what our big hairy audacious Electronic Frontier Foundation goal is.
– Is there a GDPR Communication plan covering who needs to get what information when?
– How can you measure GDPR in a systematic way?
– Do we have past GDPR Successes?
General Data Protection Regulation Critical Criteria:
Model after General Data Protection Regulation results and create General Data Protection Regulation explanations for all managers.
– How can we incorporate support to ensure safe and effective use of GDPR into the services that we provide?
– Who is the main stakeholder, with ultimate responsibility for driving GDPR forward?
– How will you measure your GDPR effectiveness?
Right to privacy in New Zealand Critical Criteria:
Deliberate Right to privacy in New Zealand tactics and transcribe Right to privacy in New Zealand as tomorrows backbone for success.
– What are our best practices for minimizing GDPR project risk, while demonstrating incremental value and quick wins throughout the GDPR project lifecycle?
– How do we Identify specific GDPR investment and emerging trends?
– What will drive GDPR change?
Mass surveillance Critical Criteria:
Wrangle Mass surveillance failures and triple focus on important concepts of Mass surveillance relationship management.
– Why is it important to have senior management support for a GDPR project?
– What potential environmental factors impact the GDPR effort?
Google Spain v AEPD and Mario Costeja González Critical Criteria:
Deliberate over Google Spain v AEPD and Mario Costeja González planning and track iterative Google Spain v AEPD and Mario Costeja González results.
– Is GDPR dependent on the successful delivery of a current project?
– How do we go about Comparing GDPR approaches/solutions?
– Who sets the GDPR standards?
Data Protection Act, 2012 Critical Criteria:
Gauge Data Protection Act, 2012 adoptions and differentiate in coordinating Data Protection Act, 2012.
– What will be the consequences to the business (financial, reputation etc) if GDPR does not go ahead or fails to deliver the objectives?
– Can Management personnel recognize the monetary benefit of GDPR?
– What are our GDPR Processes?
Directive 95/46/EC Critical Criteria:
Adapt Directive 95/46/EC tactics and learn.
– Do you monitor the effectiveness of your GDPR activities?
– How would one define GDPR leadership?
Global Network Initiative Critical Criteria:
Deliberate Global Network Initiative strategies and oversee implementation of Global Network Initiative.
– How do senior leaders actions reflect a commitment to the organizations GDPR values?
– How do we know that any GDPR analysis is complete and comprehensive?
– Is the scope of GDPR defined?
NIS Directive Critical Criteria:
Collaborate on NIS Directive risks and define what our big hairy audacious NIS Directive goal is.
– Do the GDPR decisions we make today help people and the planet tomorrow?
– Risk factors: what are the characteristics of GDPR that make it risky?
EPrivacy Regulation Critical Criteria:
Reason over EPrivacy Regulation issues and diversify disclosure of information – dealing with confidential EPrivacy Regulation information.
– How can you negotiate GDPR successfully with a stubborn boss, an irate client, or a deceitful coworker?
– In what ways are GDPR vendors and us interacting to ensure safe and effective use?
– What is the purpose of GDPR in relation to the mission?
Government gazette Critical Criteria:
Dissect Government gazette projects and be persistent.
– How do we ensure that implementations of GDPR products are done in a way that ensures safety?
– What are all of our GDPR domains and what do they do?
Center for Democracy and Technology Critical Criteria:
Illustrate Center for Democracy and Technology governance and proactively manage Center for Democracy and Technology risks.
– What management system can we use to leverage the GDPR experience, ideas, and concerns of the people closest to the work to be done?
– What other jobs or tasks affect the performance of the steps in the GDPR process?
Privacy in Australian law Critical Criteria:
Systematize Privacy in Australian law tasks and adopt an insight outlook.
– Is GDPR Realistic, or are you setting yourself up for failure?
– What is our formula for success in GDPR ?
– Are we Assessing GDPR and Risk?
Human rights Critical Criteria:
Debate over Human rights decisions and define Human rights competency-based leadership.
– How do you determine the key elements that affect GDPR workforce satisfaction? how are these elements determined for different workforce groups and segments?
– Does GDPR systematically track and analyze outcomes for accountability and quality improvement?
– Who will be responsible for documenting the GDPR requirements in detail?
Baker & McKenzie Critical Criteria:
Concentrate on Baker & McKenzie tactics and use obstacles to break out of ruts.
– Consider your own GDPR project. what types of organizational problems do you think might be causing or affecting your problem, based on the work done so far?
– Do we all define GDPR in the same way?
Data Protection Directive Critical Criteria:
Detail Data Protection Directive management and work towards be a leading Data Protection Directive expert.
– What prevents me from making the changes I know will make me a more effective GDPR leader?
– Have all basic functions of GDPR been defined?
Privacy Rights Clearinghouse Critical Criteria:
Detail Privacy Rights Clearinghouse decisions and explain and analyze the challenges of Privacy Rights Clearinghouse.
– Do those selected for the GDPR team have a good general understanding of what GDPR is all about?
– Why should we adopt a GDPR framework?
Privacy concerns with social networking services Critical Criteria:
Test Privacy concerns with social networking services goals and question.
– Will GDPR have an impact on current business continuity, disaster recovery processes and/or infrastructure?
– How do we Improve GDPR service perception, and satisfaction?
Right to explanation Critical Criteria:
Demonstrate Right to explanation adoptions and revise understanding of Right to explanation architectures.
– Are there any easy-to-implement alternatives to GDPR? Sometimes other solutions are available that do not require the cost implications of a full-blown project?
– What are the top 3 things at the forefront of our GDPR agendas for the next 3 years?
Privacy law Critical Criteria:
Administer Privacy law projects and reduce Privacy law costs.
– Have you considered what measures you will need to implement to ensure that the cloud provider complies with all applicable federal, state, and local privacy laws, including ferpa?
– Do you conduct an annual privacy assessment to ensure that you are in compliance with privacy laws and regulations?
– What new services of functionality will be implemented next with GDPR ?
Commission nationale de l’informatique et des libertés Critical Criteria:
Depict Commission nationale de l’informatique et des libertés quality and finalize specific methods for Commission nationale de l’informatique et des libertés acceptance.
– What are the barriers to increased GDPR production?
– Who needs to know about GDPR ?
National Privacy Commission Critical Criteria:
Study National Privacy Commission outcomes and clarify ways to gain access to competitive National Privacy Commission services.
– Do we cover the five essential competencies-Communication, Collaboration,Innovation, Adaptability, and Leadership that improve an organizations ability to leverage the new GDPR in a volatile global economy?
– Which customers cant participate in our GDPR domain because they lack skills, wealth, or convenient access to existing solutions?
– How can we improve GDPR?
GDPR Critical Criteria:
Experiment with GDPR adoptions and assess and formulate effective operational and GDPR strategies.
– Parental consent is required to process the data of children younger than 16. In this sense; do all services have to keep a record of the age of users? Is it sufficient to ask the user to state his/her age; or is it also necessary to verify the stated age?
– If our GDPR management is conducted by an external company; who would be fined in the event of a personal data leak? Is the responsibility born by us; or can it be contractually transferred to the provider?
– If you have historically considered yourself to be a processor to avoid being directly subject to data protection laws, consider revisiting that conclusion. Might you be better off as a controller?
– Are we able to answer a regulator asking where did you get the data and how did the data subject agree to it being collected?
– What sort of difficult issues are you likely to face in practice?
– As the UK voted to leave the EU; does the GDPR still apply?
– HOW CAN THE DATA SUBJECT ASK TO BE FORGOTTEN?
– What use cases are affected by GDPR and how?
– What are obligations for Data Processors?
– Is the processing likely to be high risk?
– Who does the GDPR apply to?
– Is the breach high risk?
Privacy law in Denmark Critical Criteria:
Examine Privacy law in Denmark results and display thorough understanding of the Privacy law in Denmark process.
– Can we do GDPR without complex (expensive) analysis?
– Is a GDPR Team Work effort in place?
Identity theft Critical Criteria:
Have a session on Identity theft governance and track iterative Identity theft results.
– Identity theft could also be an inside job. Employees at big companies that host e-mail services have physical access to e-mail accounts. How do you know nobodys reading it?
– How likely is the current GDPR plan to come in on schedule or on budget?
Federal Data Protection and Information Commissioner Critical Criteria:
Face Federal Data Protection and Information Commissioner projects and point out Federal Data Protection and Information Commissioner tensions in leadership.
– What are the success criteria that will indicate that GDPR objectives have been met and the benefits delivered?
– Do GDPR rules make a reasonable demand on a users capabilities?
– Why are GDPR skills important?
American Civil Liberties Union Critical Criteria:
Scrutinze American Civil Liberties Union engagements and drive action.
– What are internal and external GDPR relations?
Article 29 Data Protection Working Party Critical Criteria:
Talk about Article 29 Data Protection Working Party projects and perfect Article 29 Data Protection Working Party conflict management.
– What are your key performance measures or indicators and in-process measures for the control and improvement of your GDPR processes?
Spanish Data Protection Agency Critical Criteria:
Concentrate on Spanish Data Protection Agency issues and document what potential Spanish Data Protection Agency megatrends could make our business model obsolete.
– What vendors make products that address the GDPR needs?
– What about GDPR Analysis of results?
Cellphone surveillance Critical Criteria:
Bootstrap Cellphone surveillance decisions and get answers.
– Meeting the challenge: are missed GDPR opportunities costing us money?
EU-US Privacy Shield Critical Criteria:
Discourse EU-US Privacy Shield decisions and develop and take control of the EU-US Privacy Shield initiative.
– Record-keeping requirements flow from the records needed as inputs, outputs, controls and for transformation of a GDPR process. ask yourself: are the records needed as inputs to the GDPR process available?
– What tools do you use once you have decided on a GDPR strategy and more importantly how do you choose?
Personal information management Critical Criteria:
Own Personal information management tactics and customize techniques for implementing Personal information management controls.
– What role does communication play in the success or failure of a GDPR project?
Federal Commissioner for Data Protection and Freedom of Information Critical Criteria:
Accelerate Federal Commissioner for Data Protection and Freedom of Information outcomes and create Federal Commissioner for Data Protection and Freedom of Information explanations for all managers.
– Are there GDPR Models?
European Commission Critical Criteria:
Set goals for European Commission strategies and innovate what needs to be done with European Commission.
– What are the business goals GDPR is aiming to achieve?
National data protection authorities Critical Criteria:
Probe National data protection authorities engagements and finalize specific methods for National data protection authorities acceptance.
– Have the types of risks that may impact GDPR been identified and analyzed?
Privacy International Critical Criteria:
Do a round table on Privacy International decisions and probe Privacy International strategic alliances.
– What are the Key enablers to make this GDPR move?
European Commission Data Protection Officer Critical Criteria:
Canvass European Commission Data Protection Officer governance and research ways can we become the European Commission Data Protection Officer company that would put us out of business.
– Is there any existing GDPR governance structure?
Political privacy Critical Criteria:
Concentrate on Political privacy tactics and look for lots of ideas.
– What sources do you use to gather information for a GDPR study?
Financial privacy Critical Criteria:
Facilitate Financial privacy engagements and observe effective Financial privacy.
– How will we insure seamless interoperability of GDPR moving forward?
Office of the Australian Information Commissioner Critical Criteria:
Adapt Office of the Australian Information Commissioner visions and find the essential reading for Office of the Australian Information Commissioner researchers.
– Marketing budgets are tighter, consumers are more skeptical, and social media has changed forever the way we talk about GDPR. How do we gain traction?
– Does GDPR analysis show the relationships among important GDPR factors?
Internet privacy Critical Criteria:
Brainstorm over Internet privacy adoptions and work towards be a leading Internet privacy expert.
– Does GDPR include applications and information with regulatory compliance significance (or other contractual conditions that must be formally complied with) in a new or unique manner for which no approved security requirements, templates or design models exist?
European Parliament Committee on Civil Liberties, Justice and Home Affairs Critical Criteria:
Give examples of European Parliament Committee on Civil Liberties, Justice and Home Affairs tasks and research ways can we become the European Parliament Committee on Civil Liberties, Justice and Home Affairs company that would put us out of business.
– Do we monitor the GDPR decisions made and fine tune them as they evolve?
Future of Privacy Forum Critical Criteria:
Scrutinze Future of Privacy Forum decisions and point out Future of Privacy Forum tensions in leadership.
– What is the total cost related to deploying GDPR, including any consulting or professional services?
European Data Protection Supervisor Critical Criteria:
Co-operate on European Data Protection Supervisor governance and budget for European Data Protection Supervisor challenges.
– Does GDPR create potential expectations in other areas that need to be recognized and considered?
National data protection authority Critical Criteria:
Group National data protection authority adoptions and differentiate in coordinating National data protection authority.
– What knowledge, skills and characteristics mark a good GDPR project manager?
– Is GDPR Required?
Surveillance state Critical Criteria:
Bootstrap Surveillance state issues and overcome Surveillance state skills and management ineffectiveness.
Computer Professionals for Social Responsibility Critical Criteria:
Have a session on Computer Professionals for Social Responsibility leadership and proactively manage Computer Professionals for Social Responsibility risks.
– Among the GDPR product and service cost to be estimated, which is considered hardest to estimate?
– What is our GDPR Strategy?
Expectation of privacy Critical Criteria:
Rank Expectation of privacy strategies and explore and align the progress in Expectation of privacy.
– How do we go about Securing GDPR?
– What threat is GDPR addressing?
Personal identifier Critical Criteria:
Mine Personal identifier engagements and look for lots of ideas.
– Are we making progress? and are we making progress as GDPR leaders?
Federal Act on Data Protection Critical Criteria:
Paraphrase Federal Act on Data Protection tasks and adopt an insight outlook.
– Do several people in different organizational units assist with the GDPR process?
– Are assumptions made in GDPR stated explicitly?
Danish Data Protection Agency Critical Criteria:
Focus on Danish Data Protection Agency management and point out improvements in Danish Data Protection Agency.
– What are current GDPR Paradigms?
Data breach Critical Criteria:
Detail Data breach planning and handle a jump-start course to Data breach.
– One day; you may be the victim of a data breach and need to answer questions from customers and the press immediately. Are you ready for each possible scenario; have you decided on a communication plan that reduces the impact on your support team while giving the most accurate information to the data subjects? Who is your company spokesperson and will you be ready even if the breach becomes public out of usual office hours?
– Have policies and procedures been established to ensure the continuity of data services in an event of a data breach, loss, or other disaster (this includes a disaster recovery plan)?
– What staging or emergency preparation for a data breach or E-Discovery could be established ahead of time to prepare or mitigate a data breach?
– Data breach notification: what to do when your personal data has been breached?
– Do you have a communication plan ready to go after a data breach?
– How does the GDPR affect policy surrounding data breaches?
– Are you sure you can detect data breaches?
– Who is responsible for a data breach?
Privacy-enhancing technologies Critical Criteria:
Scan Privacy-enhancing technologies outcomes and suggest using storytelling to create more compelling Privacy-enhancing technologies projects.
Swedish Data Protection Authority Critical Criteria:
Mine Swedish Data Protection Authority risks and describe which business rules are needed as Swedish Data Protection Authority interface.
– How do we keep improving GDPR?
Council of the European Union Critical Criteria:
Scrutinze Council of the European Union leadership and summarize a clear Council of the European Union focus.
– When a GDPR manager recognizes a problem, what options are available?
European Union Critical Criteria:
Deliberate European Union decisions and use obstacles to break out of ruts.
– What are the key elements of your GDPR performance improvement system, including your evaluation, organizational learning, and innovation processes?
– How do you incorporate cycle time, productivity, cost control, and other efficiency and effectiveness factors into these GDPR processes?
– Think of your GDPR project. what are the main functions?
European Council Critical Criteria:
Closely inspect European Council tactics and optimize European Council leadership as a key to advancement.
Information privacy law Critical Criteria:
Test Information privacy law tactics and improve Information privacy law service perception.
– What are specific GDPR Rules to follow?
International business Critical Criteria:
Extrapolate International business results and define International business competency-based leadership.
– What may be the consequences for the performance of an organization if all stakeholders are not consulted regarding GDPR?
– What are our needs in relation to GDPR skills, labor, equipment, and markets?
– Organizational structure for international business?
Social Science Research Network Critical Criteria:
Value Social Science Research Network goals and get going.
This quick readiness checklist is a selected resource to help you move forward. Learn more about how to achieve comprehensive insights with the GDPR Self Assessment:
Author: Gerard Blokdijk
CEO at The Art of Service | http://theartofservice.com
Gerard is the CEO at The Art of Service. He has been providing information technology insights, talks, tools and products to organizations in a wide range of industries for over 25 years. Gerard is a widely recognized and respected information expert. Gerard founded The Art of Service consulting business in 2000. Gerard has authored numerous published books to date.
To address the criteria in this checklist, these selected resources are provided for sources of further research and information:
GDPR External links:
GDPR Scotland Summit
GDPR & Beyond – Homepage
Medical privacy External links:
Medical Privacy – Workplace Fairness
Data protection External links:
US Signal – IT, Cloud, Network, Data Protection, & Colocation
Data Protection Manager | Microsoft Docs
Monitoring and Data Protection | Comtrade Software
Privacy by Design External links:
[PDF]Applying Privacy by Design Best Practices to …
Privacy by Design & GDPR – IONIC SECURITY
Whoami: VPN Service – Free Access – Privacy by Design
Data Protection Commissioner External links:
Data Protection Commissioner – Official Site
GDPR will be a game-changer, says Data Protection Commissioner
Office of the Data Protection Commissioner – Home | Facebook
Data portability External links:
GDPR & Supportability of Data Portability
[PDF]7. Data Portability – Act Now
Information Commissioner’s Office External links:
Information Commissioner’s Office for Bermuda
European Parliament External links:
European Parliament members decide to bar Monsanto lobbyists
Electronic Frontier Foundation External links:
Electronic Frontier Foundation – SourceWatch
Electronic Frontier Foundation – Internet Law Treatise
Electronic Frontier Foundation – P2P Foundation
General Data Protection Regulation External links:
GDPR Summit | General Data Protection Regulation Summit
[PDF]General Data Protection Regulation (GDPR)
[PDF]EU GENERAL DATA PROTECTION REGULATION – …
Right to privacy in New Zealand External links:
The Right to Privacy in New Zealand | Privacy International
Mass surveillance External links:
Fight 215: Stop the Patriot Act’s Mass Surveillance
Safe and Sorry – Terrorism & Mass Surveillance – YouTube
A Rally Against Mass Surveillance | Stop Watching Us
Google Spain v AEPD and Mario Costeja González External links:
Google Spain v AEPD and Mario Costeja González – …
Google Spain v AEPD and Mario Costeja González
Directive 95/46/EC External links:
[PDF]E.U. Data Protection Directive 95/46/EC – …
Global Network Initiative External links:
Global Network Initiative – Official Site
Global Network Initiative – Home | Facebook
GLOBAL NETWORK INITIATIVE – GuideStar Profile
NIS Directive External links:
Steps to Prepare for the European NIS Directive – YouTube
EU NIS Directive – Summary of Requirements | SSH.COM
EPrivacy Regulation External links:
Difference between GDPR and ePrivacy regulation
GDPR and ePrivacy Regulation explainer & analysis | …
Government gazette External links:
Government Gazette (@GovtGazette) | Twitter
Dutch Government Gazette – Voice.Global
[PDF]Published in the Government Gazette, Date of …
http://veritaszim.net/sites/veritas_d/files/Public Procurement Act r.pdf
Center for Democracy and Technology External links:
Center for Democracy and Technology – GuideStar Profile
Privacy in Australian law External links:
Privacy in Australian law – broom02.revolvy.com
https://broom02.revolvy.com/topic/Privacy in Australian law
Privacy in Australian law – iSnare Free Encyclopedia
Privacy in Australian law – WOW.com
Human rights External links:
ohr | Office of Human Rights
DHRHome | NYS Human Rights
Alaska State Commission for Human Rights
Privacy Rights Clearinghouse External links:
Privacy Rights Clearinghouse
Privacy Rights Clearinghouse – Privacy Rights Clearinghouse
Privacy Rights Clearinghouse – Home | Facebook
Privacy law External links:
Privacy Law – HG.org
Perkins Privacy Law LLC
Commission nationale de l’informatique et des libertés External links:
Talk:Commission nationale de l’informatique et des libertés
CNIL – Commission Nationale de l’Informatique et des Libertés
CNIL – Commission Nationale de l’Informatique et des Libertés
National Privacy Commission External links:
National Privacy Commission – Home | Facebook
National Privacy Commission | Know your Privacy Rights!
National Privacy Commission – Posts | Facebook
GDPR External links:
GDPR Scotland Summit
GDPR & Beyond – Homepage
GDPR EU.org – Official Site
Privacy law in Denmark External links:
Privacy law in Denmark – WOW.com
Privacy Law in Denmark – Sensagent.com
http://dictionary.sensagent.com/privacy law in denmark/en-en
Privacy law in Denmark – update.revolvy.com
https://update.revolvy.com/topic/Privacy law in Denmark
Identity theft External links:
Identity Theft | Consumer Information
[PDF]Identity Theft and Your Social Security Number
Identity Theft Protection Service | Protect My ID
American Civil Liberties Union External links:
American Civil Liberties Union – SourceWatch
American Civil Liberties Union – Everything2.com
American Civil Liberties Union
Cellphone surveillance External links:
EU-US Privacy Shield External links:
EU-US Privacy Shield – Acxiom
Personal information management External links:
Personal Information Management and Integration – …
myConsents – Personal Information Management Service
Consentric | One Place for Personal Information Management
European Commission External links:
European Commission Decision | Antitrust
European Commission Code of Conduct for Data Centre …
European Commission withdraws bank separation proposal
National data protection authorities External links:
[PDF]226 List of national data protection authorities.docx)
[PDF]Many European national Data Protection Authorities …
Privacy International External links:
Invisible Manipulation: – Privacy International – Medium
Yahoo Privacy International
Metadata Explained | Privacy International – YouTube
Financial privacy External links:
Financial Privacy – Unico Bank – Your Home Grown Bank
[PDF]Right to Financial Privacy Act – The Fed
Internet privacy External links:
Internet Privacy | American Civil Liberties Union
Internet Privacy | Computer Privacy | Microsoft Privacy
Future of Privacy Forum External links:
Future of Privacy Forum
Future of Privacy Forum – Home | Facebook
European Data Protection Supervisor External links:
European Data Protection Supervisor Suggests Path …
European Data Protection Supervisor – The EU’s …
National data protection authority External links:
[PDF]National Data Protection Authority – Other …
Surveillance state External links:
OffNow – Shut Down the Surveillance State
Computer Professionals for Social Responsibility External links:
Computer Professionals for Social Responsibility …
Personal identifier External links:
[PDF]PERSONAL IDENTIFIER INFORMATION FORM – …
Federal Act on Data Protection External links:
FADP abbreviation stands for Federal Act on Data Protection
Federal Act on Data Protection – admin.ch
Danish Data Protection Agency External links:
Danish Data Protection Agency – Official Site
Danish Data Protection Agency – revolvy.com
https://www.revolvy.com/topic/Danish Data Protection Agency
Data breach External links:
What is a Data Breach? – Definition from Techopedia
Equifax Data Breach Affects Millions of Consumers. …
2017 Cost of Data Breach Calculator – IBM Security
Swedish Data Protection Authority External links:
Swedish Data Protection Authority – WOW.com
European Union External links:
European Union | World | The Guardian
EUROPA – European Union website, the official EU website
EUROPA – Countries | European Union
European Council External links:
CEC – The Co-ordinating European Council || Home
Information privacy law External links:
The Textbooks – Information Privacy Law
Information Privacy Law 9 – Drones – YouTube
Information Privacy Law | University of San Francisco
International business External links:
International Business College – Official Site
IBBA | International Business Brokers Association
International Business Machines Corp.: NYSE:IBM …
Social Science Research Network External links:
SSRN: Social Science Research Network – University of …
Social Science Research Network (SSRN)