204 GDPR Success Criteria

What is involved in GDPR

Find out what the related areas are that GDPR connects with, associates with, correlates with or affects, and which require thought, deliberation, analysis, review and discussion. This unique checklist stands out in the sense that it is not per se designed to give answers, but to engage the reader and lay out a GDPR thinking frame.

To address the criteria in this checklist for your organization, extensive selected resources are provided for sources of further research and information.

Below you will find a quick checklist designed to help you think about which GDPR-related domains to cover and 204 essential critical questions to check off in that domain.

The following domains are covered:

GDPR, Official Journal of the European Union, Data breach, Google Spain v AEPD and Mario Costeja González, Federal Commissioner for Data Protection and Freedom of Information, Human rights, NIS Directive, Spanish Data Protection Agency, Data Protection Directive, Social Science Research Network, Directive 95/46/EC, One-stop shop, Gross regional domestic product, Cellphone surveillance, Personal identifier, Article 29 Data Protection Working Party, National data protection authorities, Swedish Data Protection Authority, Information privacy law, Electronic Privacy Information Center, Right to privacy in New Zealand, Identity theft, National data protection authority, Norwegian Data Protection Authority, Data portability, Privacy law in Denmark, Privacy concerns with social networking services, Council of the European Union, Personally identifiable information, Information Commissioner’s Office, Federal Data Protection and Information Commissioner, EPrivacy Regulation, Article 29 Working Party, Consumer privacy, European Commission, Privacy International, Right to explanation, Electronic Frontier Foundation, Law Patent Group, NOYB – European Center for Digital Rights, Political privacy, Baker & McKenzie, Privacy laws of the United States, European Union, International business, Privacy law, Internet privacy, Data Protection Commissioner, Global surveillance, Data security, Right to be forgotten, Privacy in English law, Federal Act on Data Protection, Medical privacy, Personality rights, General Data Protection Regulation, Data protection, Commission nationale de l’informatique et des libertés, European Commission Data Protection Officer, Surveillance state, National Privacy Commission, Future of Privacy Forum, Privacy Rights Clearinghouse, European Union Agency for Network and Information Security, Right to privacy, European Parliament Committee on Civil Liberties, Justice and Home Affairs, Office of the Australian Information Commissioner, GDPR, Center for Democracy and Technology, Workplace privacy:

GDPR Critical Criteria:

Give examples of GDPR quality and correct better engagement with GDPR results.

– Is there information available on what materials will need to be presented (next year) for audits investigating whether an organization complies with GDPR?

– You will also need a process to manage requests to withdraw consent. In particular, what channels will you make available for a withdrawal of consent?

– In CRM we keep records of email addresses and phone numbers of our customers' employees. Will we now need to ask for explicit permission to store them?

– If you act as processor, consider the implications of becoming directly subject to the Regulation. What liability can and should you bear?

– Can Privacy policy be handled similarly to Cookie policy – by placing a banner with a link to the whole Privacy policy on the web?

– Do you conduct large-scale systematic monitoring (including employee data) or process large amounts of sensitive personal data?

– Do data processors need explicit or unambiguous data subject consent and what is the difference?

– Data subjects can demand that their data be deleted; do you have a process for this when asked?

– Scale of processing: how much personal data do you process and how sensitive is it?

– Does a video surveillance solution for public places come under GDPR?

– Do I have to do a Data Protection Impact Assessment under the GDPR?

– What is the role of a Data Protection Officer under the GDPR?

– Are there any third parties that will act as representative?

– How does the GDPR affect policy surrounding data breaches?

– How can I demonstrate I am complying with the Regulation?

– Will the GDPR restrict profiling of data subjects?

– What effect, if any, does Brexit have on GDPR?

– Are we asking too much of (informed) consent?

– How do we do it?

– Are you ready?

Official Journal of the European Union Critical Criteria:

Exchange ideas about Official Journal of the European Union outcomes and transcribe Official Journal of the European Union as tomorrow's backbone for success.

– Meeting the challenge: are missed GDPR opportunities costing us money?

– Is maximizing GDPR protection the same as minimizing GDPR loss?

– What are internal and external GDPR relations?

Data breach Critical Criteria:

Brainstorm over Data breach failures and correct better engagement with Data breach results.

– One day, you may be the victim of a data breach and need to answer questions from customers and the press immediately. Are you ready for each possible scenario? Have you decided on a communication plan that reduces the impact on your support team while giving the most accurate information to the data subjects? Who is your company spokesperson, and will you be ready even if the breach becomes public outside usual office hours?

– Have policies and procedures been established to ensure the continuity of data services in an event of a data breach, loss, or other disaster (this includes a disaster recovery plan)?

– Can we add value to the current GDPR decision-making process (largely qualitative) by incorporating uncertainty modeling (more quantitative)?

– What staging or emergency preparation for a data breach or E-Discovery could be established ahead of time to prepare or mitigate a data breach?

– Would you be able to notify a data protection supervisory authority of a data breach within 72 hours?

– Data breach notification: what to do when your personal data has been breached?

– Do you have a communication plan ready to go after a data breach?

– Can we do GDPR without complex (expensive) analysis?

– Are you sure you can detect data breaches?

– Who is responsible for a data breach?

– Have all basic functions of GDPR been defined?

Google Spain v AEPD and Mario Costeja González Critical Criteria:

Conceptualize Google Spain v AEPD and Mario Costeja González management and check on ways to get started with Google Spain v AEPD and Mario Costeja González.

– How do we ensure that implementations of GDPR products are done in a way that ensures safety?

– Are there GDPR problems defined?

– What threat is GDPR addressing?

Federal Commissioner for Data Protection and Freedom of Information Critical Criteria:

Co-operate on Federal Commissioner for Data Protection and Freedom of Information adoptions and do something to it.

– Who sets the GDPR standards?

Human rights Critical Criteria:

Depict Human rights decisions and ask what if.

– Are there recognized GDPR problems?

– What are our GDPR Processes?

NIS Directive Critical Criteria:

Illustrate NIS Directive results and simulate teachings and consultations on quality process improvement of NIS Directive.

– What are your results for key measures or indicators of the accomplishment of your GDPR strategy and action plans, including building and strengthening core competencies?

– Do we have past GDPR Successes?

Spanish Data Protection Agency Critical Criteria:

Differentiate Spanish Data Protection Agency projects and get the big picture.

– Do those selected for the GDPR team have a good general understanding of what GDPR is all about?

– Who are the people involved in developing and implementing GDPR?

– What sources do you use to gather information for a GDPR study?

Data Protection Directive Critical Criteria:

Unify Data Protection Directive tasks and gather practices for scaling Data Protection Directive.

– Is there a GDPR Communication plan covering who needs to get what information when?

– Do GDPR rules make a reasonable demand on a user's capabilities?

Social Science Research Network Critical Criteria:

Face Social Science Research Network outcomes and proactively manage Social Science Research Network risks.

– What are the barriers to increased GDPR production?

– What are the business goals GDPR is aiming to achieve?

– Who needs to know about GDPR?

Directive 95/46/EC Critical Criteria:

Track Directive 95/46/EC planning and work towards being a leading Directive 95/46/EC expert.

– Why is GDPR important for you now?

One-stop shop Critical Criteria:

Look at One-stop shop projects and find answers.

– Why is it important to have senior management support for a GDPR project?

– What are your most important goals for the strategic GDPR objectives?

Gross regional domestic product Critical Criteria:

Reason over Gross regional domestic product adoptions and visualize why people should listen to you regarding Gross regional domestic product.

– Among the GDPR product and service cost to be estimated, which is considered hardest to estimate?

– Does the GDPR task fit the client's priorities?

Cellphone surveillance Critical Criteria:

Extrapolate Cellphone surveillance outcomes and look for lots of ideas.

– Are there any easy-to-implement alternatives to GDPR? Sometimes other solutions are available that do not require the cost implications of a full-blown project.

– What are your key performance measures or indicators and in-process measures for the control and improvement of your GDPR processes?

– To what extent does management recognize GDPR as a tool to increase the results?

Personal identifier Critical Criteria:

Examine Personal identifier tasks and proactively manage Personal identifier risks.

– What may be the consequences for the performance of an organization if all stakeholders are not consulted regarding GDPR?

– How do we manage GDPR Knowledge Management (KM)?

– Do we all define GDPR in the same way?

Article 29 Data Protection Working Party Critical Criteria:

Gauge Article 29 Data Protection Working Party goals and oversee Article 29 Data Protection Working Party management by competencies.

– How do we improve GDPR service perception and satisfaction?

National data protection authorities Critical Criteria:

Mine National data protection authorities quality and know what your objective is.

– Think about the kind of project structure that would be appropriate for your GDPR project. Should it be formal and complex, or can it be less formal and relatively simple?

– Where do ideas that reach policy makers and planners as proposals for GDPR strengthening and reform actually originate?

– Who will be responsible for deciding whether GDPR goes ahead or not after the initial investigations?

Swedish Data Protection Authority Critical Criteria:

Scan Swedish Data Protection Authority projects and slay a dragon.

– Is GDPR Realistic, or are you setting yourself up for failure?

– How do we maintain GDPR's integrity?

Information privacy law Critical Criteria:

Participate in Information privacy law results and change contexts.

– How do you incorporate cycle time, productivity, cost control, and other efficiency and effectiveness factors into these GDPR processes?

– How to deal with GDPR Changes?

Electronic Privacy Information Center Critical Criteria:

Confer over Electronic Privacy Information Center risks and sort Electronic Privacy Information Center activities.

– In a project to restructure GDPR outcomes, which stakeholders would you involve?

Right to privacy in New Zealand Critical Criteria:

Have a session on Right to privacy in New Zealand decisions and question.

– Will new equipment/products be required to facilitate GDPR delivery, for example, is new software needed?

– Risk factors: what are the characteristics of GDPR that make it risky?

Identity theft Critical Criteria:

Jump start Identity theft tactics and point out Identity theft tensions in leadership.

– Identity theft could also be an inside job. Employees at big companies that host e-mail services have physical access to e-mail accounts. How do you know nobody's reading it?

– Will GDPR have an impact on current business continuity, disaster recovery processes and/or infrastructure?

– Does GDPR systematically track and analyze outcomes for accountability and quality improvement?

National data protection authority Critical Criteria:

Learn from National data protection authority risks and integrate design thinking in National data protection authority innovation.

– What potential environmental factors impact the GDPR effort?

Norwegian Data Protection Authority Critical Criteria:

Do a round table on Norwegian Data Protection Authority outcomes and attract Norwegian Data Protection Authority skills.

– Who is responsible for ensuring appropriate resources (time, people and money) are allocated to GDPR?

– How likely is the current GDPR plan to come in on schedule or on budget?

– Have the types of risks that may impact GDPR been identified and analyzed?

Data portability Critical Criteria:

Inquire about Data portability results and report on setting up Data portability without losing ground.

– Do you know how you will comply with the new rights: the right to be forgotten, the right to data portability and the right to object to profiling?

– The right to data portability is complimentary – is a bank obliged to provide me with information free of charge?

– What is the source of the strategies for GDPR strengthening and reform?

– How do we keep improving GDPR?

Privacy law in Denmark Critical Criteria:

Design Privacy law in Denmark tasks and research ways we can become the Privacy law in Denmark company that would put us out of business.

– What are the disruptive GDPR technologies that enable our organization to radically change our business processes?

– How do mission and objectives affect the GDPR processes of our organization?

– What is our GDPR Strategy?

Privacy concerns with social networking services Critical Criteria:

Facilitate Privacy concerns with social networking services tactics and report on developing an effective Privacy concerns with social networking services strategy.

– How do we identify specific GDPR investment and emerging trends?

– How can the value of GDPR be defined?

– How do we lead with GDPR in mind?

Council of the European Union Critical Criteria:

Have a round table over Council of the European Union governance and shift your focus.

– Who will be responsible for documenting the GDPR requirements in detail?

Personally identifiable information Critical Criteria:

Weigh in on Personally identifiable information visions and reinforce and communicate particularly sensitive Personally identifiable information decisions.

– When sharing data, are appropriate procedures, such as sharing agreements, put in place to ensure that any Personally identifiable information remains strictly confidential and protected from unauthorized disclosure?

– What other jobs or tasks affect the performance of the steps in the GDPR process?

– Does the company collect personally identifiable information electronically?

– What is Personal Data or Personally Identifiable Information (PII)?

Information Commissioner’s Office Critical Criteria:

Graph Information Commissioner’s Office risks and probe using an integrated framework to make sure Information Commissioner’s Office is getting what it needs.

– Which individuals, teams or departments will be involved in GDPR?

– What are all of our GDPR domains and what do they do?

Federal Data Protection and Information Commissioner Critical Criteria:

Collaborate on Federal Data Protection and Information Commissioner outcomes and use obstacles to break out of ruts.

– What will be the consequences to the business (financial, reputation etc) if GDPR does not go ahead or fails to deliver the objectives?

EPrivacy Regulation Critical Criteria:

Categorize EPrivacy Regulation leadership and test out new things.

– Do we cover the five essential competencies (Communication, Collaboration, Innovation, Adaptability, and Leadership) that improve an organization's ability to leverage the new GDPR in a volatile global economy?

Article 29 Working Party Critical Criteria:

Explore Article 29 Working Party planning and transcribe Article 29 Working Party as tomorrow's backbone for success.

– Is supporting GDPR documentation required?

– What are the long-term GDPR goals?

Consumer privacy Critical Criteria:

Chart Consumer privacy decisions and plan concise Consumer privacy education.

European Commission Critical Criteria:

Cut a stake in European Commission goals and define what our big hairy audacious European Commission goal is.

– What management system can we use to leverage the GDPR experience, ideas, and concerns of the people closest to the work to be done?

– What business benefits will GDPR goals deliver if achieved?

Privacy International Critical Criteria:

Incorporate Privacy International visions and look in other fields.

– Will GDPR deliverables need to be tested and, if so, by whom?

– Why are GDPR skills important?

Right to explanation Critical Criteria:

Talk about Right to explanation leadership and get answers.

Electronic Frontier Foundation Critical Criteria:

Think carefully about Electronic Frontier Foundation risks and remodel and develop an effective Electronic Frontier Foundation strategy.

– A compounding model resolution with available relevant data can often provide insight towards a solution methodology; which GDPR models, tools and techniques are necessary?

– How do we measure improved GDPR service perception and satisfaction?

– What vendors make products that address the GDPR needs?

Law Patent Group Critical Criteria:

Coach on Law Patent Group outcomes and transcribe Law Patent Group as tomorrow's backbone for success.

– What are your current levels and trends in key measures or indicators of GDPR product and process performance that are important to and directly serve your customers? How do these results compare with the performance of your competitors and other organizations with similar offerings?

– How can skill-level changes improve GDPR?

NOYB – European Center for Digital Rights Critical Criteria:

Illustrate NOYB – European Center for Digital Rights projects and find out what it really means.

– Does GDPR analysis isolate the fundamental causes of problems?

– Why should we adopt a GDPR framework?

Political privacy Critical Criteria:

Exchange ideas about Political privacy projects and look in other fields.

– What are the Essentials of Internal GDPR Management?

Baker & McKenzie Critical Criteria:

Audit Baker & McKenzie results and pioneer acquisition of Baker & McKenzie systems.

– What are our best practices for minimizing GDPR project risk, while demonstrating incremental value and quick wins throughout the GDPR project lifecycle?

– What are specific GDPR Rules to follow?

Privacy laws of the United States Critical Criteria:

Survey Privacy laws of the United States risks and know what your objective is.

– Is the GDPR organization completing tasks effectively and efficiently?

European Union Critical Criteria:

Collaborate on European Union results and document what potential European Union megatrends could make our business model obsolete.

International business Critical Criteria:

Systematize International business issues and correct International business management by competencies.

– Organizational structure for international business?

Privacy law Critical Criteria:

Coach on Privacy law goals and drive action.

– Have you considered what measures you will need to implement to ensure that the cloud provider complies with all applicable federal, state, and local privacy laws, including FERPA?

– Do you conduct an annual privacy assessment to ensure that you are in compliance with privacy laws and regulations?

– What about GDPR Analysis of results?

Internet privacy Critical Criteria:

Study Internet privacy outcomes and point out Internet privacy tensions in leadership.

– What prevents me from making the changes I know will make me a more effective GDPR leader?

– Are there GDPR Models?

Data Protection Commissioner Critical Criteria:

Examine Data Protection Commissioner results and attract Data Protection Commissioner skills.

Global surveillance Critical Criteria:

Substantiate Global surveillance decisions and don’t overlook the obvious.

– At what point will vulnerability assessments be performed once GDPR is put into production (e.g., ongoing Risk Management after implementation)?

Data security Critical Criteria:

Sort Data security adoptions and report on the economics of relationships managing Data security and constraints.

– Does the cloud solution offer equal or greater data security capabilities than those provided by your organization's data center?

– What are the minimum data security requirements for a database containing personal financial transaction records?

– Do these concerns about data security negate the value of storage-as-a-service in the cloud?

– What are the challenges related to cloud computing data security?

– So, what should you do to mitigate these risks to data security?

– Are assumptions made in GDPR stated explicitly?

– Does it contain data security obligations?

– What is Data Security at Physical Layer?

– What is Data Security at Network Layer?

– How will you manage data security?

Right to be forgotten Critical Criteria:

Grasp Right to be forgotten failures and frame using storytelling to create more compelling Right to be forgotten projects.

– Is the right to be forgotten absolute? If a customer orders goods, and I need his information to complete the order, do I have to delete that information upon request?

– How far into the backup and archive history do the right to be forgotten requirements apply?

– Is there an (absolute) right to be forgotten under existing law?

– What are the short and long-term GDPR goals?

Privacy in English law Critical Criteria:

Bootstrap Privacy in English law decisions and point out improvements in Privacy in English law.

– What are the key elements of your GDPR performance improvement system, including your evaluation, organizational learning, and innovation processes?

Federal Act on Data Protection Critical Criteria:

Own Federal Act on Data Protection leadership and point out improvements in Federal Act on Data Protection.

– What other organizational variables, such as reward systems or communication systems, affect the performance of this GDPR process?

Medical privacy Critical Criteria:

Match Medical privacy leadership and describe the risks of Medical privacy sustainability.

– Do we aggressively reward and promote the people who have the biggest impact on creating excellent GDPR services/products?

Personality rights Critical Criteria:

Disseminate Personality rights tactics and intervene in Personality rights processes and leadership.

– What tools do you use once you have decided on a GDPR strategy and more importantly how do you choose?

– What are the usability implications of GDPR actions?

– What are current GDPR Paradigms?

General Data Protection Regulation Critical Criteria:

Check General Data Protection Regulation governance and clarify ways to gain access to competitive General Data Protection Regulation services.

– Are accountability and ownership for GDPR clearly defined?

Data protection Critical Criteria:

Test Data protection leadership and customize techniques for implementing Data protection controls.

– You do not want to be informed of a data loss incident from the users themselves or from the data protection authority. Do you have technology that can detect breaches that have taken place; forensics available to investigate how the data was lost (or changed); and can you go back in time with full user logs and identify the incident to understand its scope and impact?

– We keep records of data and store them in cloud services, for example Google Suite. There are data protection tools provided and security rules can be set. But who has the responsibility for securing them – us or Google?

– If you have historically considered yourself to be a processor to avoid being directly subject to data protection laws, consider revisiting that conclusion. Might you be better off as a controller?

– Do you see the need to support the development and implementation of technical solutions that are enhancing data protection by design and by default?

– Do you have a data protection programme and are you able to provide evidence of how you comply with the requirements of the GDPR?

– What are the data protection mechanisms to control access to data from external sources that temporarily have internal residence?

– What ITIL best practices, security and data protection standards and guidelines are in use by the cloud service provider?

– What are the data protection mechanisms to protect data from unauthorized external access?

– What tools and technologies are needed for a custom GDPR project?

– Does my business need to appoint a Data Protection Officer (DPO)?

– Does the GDPR set up a central EU data protection authority?

– Do I have to appoint a Data Protection Officer for the GDPR?

– What qualifications does the data protection officer need?

– What will the data protection reform do for citizens?

– When must you appoint a data protection officer?

– What is Data Protection?

Commission nationale de l’informatique et des libertés Critical Criteria:

Extrapolate Commission nationale de l’informatique et des libertés issues and attract Commission nationale de l’informatique et des libertés skills.

– How do senior leaders' actions reflect a commitment to the organization's GDPR values?

European Commission Data Protection Officer Critical Criteria:

Recall European Commission Data Protection Officer management and stake your claim.

– How will you know that the GDPR project has been successful?

– How would one define GDPR leadership?

Surveillance state Critical Criteria:

Depict Surveillance state adoptions and don’t overlook the obvious.

National Privacy Commission Critical Criteria:

Merge National Privacy Commission risks and budget the knowledge transfer for any interested in National Privacy Commission.

– Do we monitor the GDPR decisions made and fine tune them as they evolve?

Future of Privacy Forum Critical Criteria:

Match Future of Privacy Forum failures and ask questions.

– Does GDPR analysis show the relationships among important GDPR factors?

– Can Management personnel recognize the monetary benefit of GDPR?

– Is a GDPR Team Work effort in place?

Privacy Rights Clearinghouse Critical Criteria:

Drive Privacy Rights Clearinghouse tasks and get the big picture.

– How do we go about Comparing GDPR approaches/solutions?

European Union Agency for Network and Information Security Critical Criteria:

Prioritize European Union Agency for Network and Information Security outcomes and revise understanding of European Union Agency for Network and Information Security architectures.

– What is the purpose of GDPR in relation to the mission?

– What is Effective GDPR?

Right to privacy Critical Criteria:

Generalize Right to privacy failures and gather Right to privacy models.

– When a GDPR manager recognizes a problem, what options are available?

– How do we know that any GDPR analysis is complete and comprehensive?

European Parliament Committee on Civil Liberties, Justice and Home Affairs Critical Criteria:

Grasp European Parliament Committee on Civil Liberties, Justice and Home Affairs projects and slay a dragon.

Office of the Australian Information Commissioner Critical Criteria:

Talk about Office of the Australian Information Commissioner visions and revise understanding of Office of the Australian Information Commissioner architectures.

GDPR Critical Criteria:

Communicate about GDPR quality and oversee implementation of GDPR.

– I'm working in an online services business and I collect the email addresses and IP addresses of my customers. I use these email addresses to send promotional messages. I use a cloud email tool to mass email. Do I need to extend my Terms of Use with an agreement of processing personal data or do I need to take additional steps to protect email addresses?

– Does GDPR apply also to contact information collected before the regulation comes into force? Do we have to ask our customers for their permission again, so that the new requirements are met?

– Are we able to answer a regulator asking where did you get the data and how did the data subject agree to it being collected?

– Do you follow privacy by design and privacy by default principles when designing new systems?

– Are there any specific rules businesses should be following in order to ensure compliance?

– Who regulates/controls wording of the Consent for personal data processing document?

– What are the key things I should consider when handling personal data?

– Will the GDPR set up a one-stop-shop for data privacy regulation?

– Do you have a process to provide data to individuals who ask?

– Is employee attendance also considered to be personal data?

– What will the penalties be for failing to comply with GDPR?

– Does the GDPR allow flexibility in its application?

– Do you have a process to delete data if demanded?

– How can the data subject ask to be forgotten?

– What use cases are affected by GDPR and how?

– Do you know where your data is today?

– Rely on implicit consent?

Center for Democracy and Technology Critical Criteria:

Ventilate your thoughts about Center for Democracy and Technology engagements and gather practices for scaling Center for Democracy and Technology.

– What new services or functionality will be implemented next with GDPR?

Workplace privacy Critical Criteria:

Demonstrate Workplace privacy goals and oversee Workplace privacy management by competencies.

– Does GDPR include applications and information with regulatory compliance significance (or other contractual conditions that must be formally complied with) in a new or unique manner for which no approved security requirements, templates or design models exist?

Conclusion:

This quick readiness checklist is a selected resource to help you move forward. Learn more about how to achieve comprehensive insights with the GDPR Self Assessment:

store.theartofservice.com/GDPR-Complete-Self-Assessment/

Author: Gerard Blokdijk

CEO at The Art of Service | theartofservice.com

gerard.blokdijk@theartofservice.com

www.linkedin.com/in/gerardblokdijk

Gerard is the CEO at The Art of Service. He has been providing information technology insights, talks, tools and products to organizations in a wide range of industries for over 25 years. Gerard is a widely recognized and respected information expert. Gerard founded The Art of Service consulting business in 2000. Gerard has authored numerous published books to date.

External links:

To address the criteria in this checklist, these selected resources are provided for sources of further research and information:

GDPR External links:

GDPR Compliance Checklist | HubSpot
www.hubspot.com/data-privacy/gdpr-checklist

Official Journal of the European Union External links:

[PDF]8.6.2017 EN Official Journal of the European Union C 180/5
www.dlsemc.com/EU/RED-OJ-HS-June-2017.pdf

[PDF]L 102/48 Official Journal of the European Union 7.4
www.who.int/ethics/en/ETH_EU_Directive_2004_23_EC.pdf

Official Journal of the European Union – emergogroup.com
www.emergogroup.com/tags/official-journal-european-union

Data breach External links:

What is data breach? – Definition from WhatIs.com
searchsecurity.techtarget.com/definition/data-breach

Data Breach Insurance | Cyber Liability | The Hartford
www.thehartford.com/data-breach-insurance

Google Spain v AEPD and Mario Costeja González External links:

Google Spain v AEPD and Mario Costeja González – WOW.com
content.wow.com/wiki/Google_Spain_v_AEPD_and_Mario_Costeja_González

Google Spain v AEPD and Mario Costeja González
h2o.law.harvard.edu/cases/5076

Human rights External links:

National Center for Civil and Human Rights – Official Site
www.civilandhumanrights.org

Universal Declaration of Human Rights | United Nations
www.un.org/en/universal-declaration-human-rights/index.html

ohr | Office of Human Rights
ohr.dc.gov

NIS Directive External links:

2018: The year of the NIS Directive – Help Net Security
www.helpnetsecurity.com/2018/01/03/nis-directive

Data Protection Directive External links:

Data Protection Directive | E-crime Expert blog
ecrimeexpertblog.wordpress.com/tag/data-protection-directive

European Union Data Protection Directive Privacy Statement
www.marriott.com/corporateinfo/euswissprivacy.mi

EU Data Protection Directive – IAPP
iapp.org/resources/article/eu-data-protection-directive

Social Science Research Network External links:

social science research network | The Stem Cellar
blog.cirm.ca.gov/tag/social-science-research-network

Social Science Research Network | USC Libraries
libraries.usc.edu/databases/social-science-research-network

[PDF]SOCIAL SCIENCE RESEARCH NETWORK
law.ucdavis.edu/faculty-activity/files/UCDavisSSRNVol8No6.pdf

Directive 95/46/EC External links:

[PDF]E.U. Data Protection Directive 95/46/EC – …
download.pgp.com/pdfs/regulations/EUD_compliance_brief-080618.pdf

One-stop shop External links:

One-Stop Shop – Investopedia
investopedia.com/terms/o/onestopshop.asp

Personal identifier External links:

Confidential Personal Identifier Forms – Supreme Court of Ohio
www.supremecourt.ohio.gov/Boards/superintendence/PAR/PIF

[PDF]Personal Identifier Reference List – Hamilton County …
courtclerk.org/forms/muni_pir.pdf

Personal Identifier Confidentiality – New York State Assembly
assembly.state.ny.us/comm/Consumer/20080501n

Swedish Data Protection Authority External links:

Swedish Data Protection Authority – WOW.com
www.wow.com/wiki/Swedish_Data_Protection_Authority

Swedish Data Protection Authority – Revolvy
update.revolvy.com/topic/Swedish Data Protection Authority

Information privacy law External links:

The Textbooks – Information Privacy Law
www.informationprivacylaw.com

Information Privacy Law – University of Maine School of Law
mainelaw.maine.edu/admissions/information-privacy-law

Electronic Privacy Information Center External links:

Electronic Privacy Information Center :: Law360
www.law360.com/companies/electronic-privacy-information-center

Right to privacy in New Zealand External links:

Right to privacy in New Zealand – update.revolvy.com
update.revolvy.com/topic/Right to privacy in New Zealand

Right to privacy in New Zealand – WOW.com
www.wow.com/wiki/The_right_to_privacy_in_New_Zealand

Identity theft External links:

Identity Theft Recovery Steps | IdentityTheft.gov
www.identitytheft.gov

Land Title: Identity Theft
www.ltgc.com/marketing/topic?id=114

[PDF]Identity Theft and Your Social Security Number
www.ssa.gov/pubs/EN-05-10064.pdf

National data protection authority External links:

[PDF]National Data Protection Authority – Other Government …
www.mofo.com/privacy-library/privacy-mexico.pdf

Norwegian Data Protection Authority External links:

Norwegian Data Protection Authority – WOW.com
www.wow.com/wiki/Norwegian_Data_Inspectorate

CCIS | The Norwegian Data Protection Authority
ccis.no/partnere/norwegian-data-protection-authority

Privacy law in Denmark External links:

Privacy law in Denmark – Revolvy
broom02.revolvy.com/topic/Privacy law in Denmark

Personally identifiable information External links:

Personally Identifiable Information (PII)
www.rmda.army.mil/privacy/PII/PII-report.html

Information Commissioner’s Office External links:

Information Commissioner’s Office – YouTube
www.youtube.com/channel/UCFVNJT2oNNsVr2hY2KYWszQ

Information Commissioner’s Office for Bermuda
www.ico.bm

ICO Blog | The Information Commissioner’s Office
iconewsblog.org.uk

EPrivacy Regulation External links:

EU ePrivacy Regulation – IAPP
iapp.org/resources/topics/eu-eprivacy-regulation

Difference between GDPR and ePrivacy regulation
www.privacytrust.com/guidance/gdpr-vs-eprivacy-regulation.html

Consumer privacy External links:

U.S. Consumer Privacy Notice from Bank of America
www.bankofamerica.com/privacy/consumer-privacy-notice.go

Consumer Privacy | American Civil Liberties Union
www.aclu.org/issues/privacy-technology/consumer-privacy

Consumer Privacy Pledge | Privacy Policies | U.S. Bank
www.usbank.com/privacy/pledge.html

European Commission External links:

European Commission | European organization | …
www.britannica.com/topic/European-Commission

Privacy International External links:

Invisible Manipulation: – Privacy International – Medium
medium.com/@privacyint/invisible-manipulation-efb4243011ca

Privacy International – Home | Facebook
www.facebook.com/PrivacyInternational

Electronic Frontier Foundation External links:

Electronic Frontier Foundation – Google+
plus.google.com/+eff

Electronic Frontier Foundation (EFF) – Home | Facebook
www.facebook.com/eff

Electronic Frontier Foundation Inc – GuideStar Profile
www.guidestar.org/profile/04-3091431

Law Patent Group External links:

Stoneman Law Patent Group – Home | Facebook
www.facebook.com/StonemanLawPatentGroup

European Union External links:

European Union (EU) Export Certificate List
www.accessdata.fda.gov/scripts/fdcc/?set=EUCert

EUROPA – European Union website, the official EU website
europa.eu

International business External links:

International Business College – Official Site
www.ibcindianapolis.edu

Internet privacy External links:

Internet Privacy | American Civil Liberties Union
www.aclu.org/issues/privacy-technology/internet-privacy

Internet Privacy Policy | CareCredit
www.carecredit.com/privacy

Data Protection Commissioner External links:

GDPR – Data Protection Commissioner – Ireland
www.dataprotection.ie/docs/GDPR/1623.htm

Office of the Data Protection Commissioner – Home | Facebook
www.facebook.com/dataprotection242

Data Protection Commissioner short film – YouTube
www.youtube.com/watch?v=waH2Pc0_mo0

Global surveillance External links:

global surveillance « Jesus Christ Is Lord
healtheland.wordpress.com/tag/global-surveillance

Module 2: WHO and CDC Global Surveillance Systems
www.uniteforsight.org/surveillance/module2

Global Surveillance Systems Inc.
www.gsscctv.com/

Data security External links:

FedEx Data Security Upgrade
www.fedex.com/us/securityupgrade

Data Security from Multiple Levels of Protection | H&R Block®
www.hrblock.com/data-security

What is data security – answers.com
www.answers.com/Q/What_is_data_security

Right to be forgotten External links:

Right To Be Forgotten | Search Engine Land
searchengineland.com/library/legal/legal-right-to-be-forgotten

Right to be forgotten – ReputationDefender UK
uk.reputationdefender.com/right-to-be-forgotten

Google and the Right to Be Forgotten | The New Yorker
www.newyorker.com/magazine/2014/09/29/solace-oblivion

Privacy in English law External links:

Privacy in English Law Flashcards | Quizlet
quizlet.com/142232553/privacy-in-english-law-flash-cards

The Right to Privacy in English Law
repository.library.georgetown.edu/handle/10822/1014270

Federal Act on Data Protection External links:

Federal Act on Data Protection – Magarental
www.magarental.com/federal-act-on-data-protection

FADP abbreviation stands for Federal Act on Data Protection
www.allacronyms.com/FADP/Federal_Act_on_Data_Protection

Federal Act on Data Protection (FADP) – admin.ch
www.admin.ch/opc/en/classified-compilation/19920153/index.html

Medical privacy External links:

Medical Privacy – Workplace Fairness
www.workplacefairness.org/medical-privacy-workplace

Personality rights External links:

Chapter 63.60 RCW: PERSONALITY RIGHTS
apps.leg.wa.gov/RCW/default.aspx?cite=63.60&full=true

General Data Protection Regulation External links:

GDPR – The General Data Protection Regulation
www.privacytrust.com/gdpr

[PDF]General Data Protection Regulation (GDPR)
www.wipro.com/documents/general-data-protection-regulation-gdpr.pdf

Data protection External links:

Office of Privacy and Data Protection
privacy.wa.gov

Information Security and Data Protection | Microsoft
www.microsoft.com/en-us/cloud-platform/information-protection

Google Privacy | Why data protection matters
privacy.google.com

Surveillance state External links:

OffNow – Shut Down the Surveillance State
offnow.org

National Privacy Commission External links:

National Privacy Commission
privacy.gov.ph

National Privacy Commission – Home | Facebook
www.facebook.com/privacy.gov.ph

National Privacy Commission – Photos | Facebook
www.facebook.com/privacy.gov.ph/photos

Future of Privacy Forum External links:

Director of Operations | Future of Privacy Forum
fpf.org/director-of-operations

Future of Privacy Forum – Posts | Facebook
www.facebook.com/FutureofPrivacy/posts

Privacy Rights Clearinghouse External links:

Privacy Rights Clearinghouse – Home | Facebook
www.facebook.com/privacyrights

Privacy Rights Clearinghouse
www.privacyrights.org

Privacy Rights Clearinghouse :: Law360
www.law360.com/companies/privacy-rights-clearinghouse

Right to privacy External links:

Confidentiality & Right to Privacy :: Title IX
www.bellevuecollege.edu/titleix/rights/privacy

Right to Privacy: Constitutional Rights & Privacy Laws
www.livescience.com/37398-right-to-privacy.html

Right to Privacy – Shmoop
www.shmoop.com/right-to-privacy

Office of the Australian Information Commissioner External links:

Office of the Australian Information Commissioner – Facebook
www.facebook.com/OAICgov/posts/1638018916268672

Center for Democracy and Technology External links:

Center for Democracy and Technology – GuideStar Profile
www.guidestar.org/profile/52-1905358

Center for Democracy and Technology | TheHill
thehill.com/social-tags/center-for-democracy-and-technology

Workplace privacy External links:

Workplace Privacy | American Civil Liberties Union
www.aclu.org/issues/privacy-technology/workplace-privacy

Employee Workplace Privacy Rights – employeeissues.com
www.employeeissues.com/workplace_privacy.htm

Workplace Privacy Flashcards | Quizlet
quizlet.com/50580133/workplace-privacy-flash-cards
