GDPR Beginners Handbook

The document provides an overview of key GDPR compliance requirements for organizations collecting and processing personal data of EU residents. It outlines 12 steps to prepare for GDPR compliance and lists mandatory documents required by the GDPR, such as a privacy policy, data protection officer job description, and data breach response procedure. It also describes additional documents that may be required depending on an organization's specific data processing activities and use of processors and vendors.

Uploaded by Agni Dev

Follow Ministry of Security on

GDPR Compliance Journey: A Beginners Guide


Introduction

The General Data Protection Regulation (GDPR) is a data privacy and security regulation put into effect by the European Union.

The GDPR imposes obligations on all organizations that collect and process personal data of EU residents, even if these organizations operate outside the EU.

The GDPR is considered the strictest regulation in the world for securing users' personal data, with fines for non-compliance reaching more than €20 million or 4% of global turnover.

The GDPR's two primary focus areas are personal data and data processing.

Key Data-Related GDPR Terms


Who must comply with the GDPR?


Any organization that processes or stores personal information of EU residents is obliged to comply with the GDPR, even if the organization is located outside the EU.

Note: The GDPR still applies to UK residents after Brexit, as the United Kingdom has retained identical requirements in its own UK-GDPR.

Do you need to comply with GDPR?


12 Steps to Prepare for GDPR Compliance


Mandatory documents required by EU GDPR


| Article # | Document Name | Explanation |
|---|---|---|
| Article 24 | Personal Data Protection Policy | This is a top-level document for managing privacy in your company, which defines what you want to achieve and how. |
| Article 12, 13, 14 | Privacy Notice | A public statement made to a data subject that describes how the organization collects, uses, retains and discloses personal information. |
| Article 12, 13, 14 | Employee Privacy Notice | A statement made to employees to describe how an organization is going to process personal data of employees. |
| Article 5, 13, 17, 30 | Data Retention Policy | Describes the process of deciding how long a particular type of personal data will be kept, and how it will be securely destroyed. |
| Article 30 | Data Retention Schedule | Lists all of your personal data and describes how long each type of data will be kept. |
| Article 6, 7, 9 | Data Subject Consent Form | The most common way to obtain consent from a data subject to process his/her personal data. |
| Article 8 | Parental Consent Form | If the data subject is below the age of 16 years, then a parent needs to provide the consent for processing personal data. |
| Article 35 | DPIA Register | A record of all the results from DPIAs. |
| Article 28, 32, 82 | Supplier Data Processing Agreement | To regulate data protection with a processor or any other supplier. |
| Article 4, 33, 34 | Data Breach Response and Notification Procedure | Describes how to handle a data breach: what to do before, during and after a data breach. |
| Article 33 | Data Breach Register | To record all your data breaches. |
| Article 33 | Data Breach Notification Form to the Supervisory Authority | A form to formally notify the Supervisory Authority. |
| Article 34 | Data Breach Notification Form to Data Subjects | A form to formally notify data subjects. |


Documents that are needed under certain conditions


| Article # | Document Name | Conditions |
|---|---|---|
| Article 37, 38, 39 | Data Protection Officer Job Description | 1. You are a public authority or body, except for courts acting in their judicial capacity; 2. Your core activities consist of processing operations that require regular and systematic monitoring of data subjects on a large scale; or 3. Your core activities process, on a large scale, special categories of data and personal data relating to criminal convictions and offences. |
| Article 30 | Inventory of Processing Activities | 1. Your organization has more than 250 employees; or 2. The processing you carry out is likely to result in a risk to the rights and freedoms of data subjects; or 3. The processing is not occasional; or 4. The processing includes special categories of data; or 5. The processing includes personal data relating to criminal convictions and offences. |
| Article 46 | Standard Contractual Clauses for the Transfer of Personal Data to Controllers | This document is mandatory if there is a transfer of personal data to a non-EU member state and there is dependence on model clauses as lawful grounds for cross-border data transfers. |
| Article 46 | Standard Contractual Clauses for the Transfer of Personal Data to Processors | This document is mandatory if there is a transfer of personal data to a processor outside the European Economic Area (EEA) and there is dependence on model clauses as lawful grounds for cross-border data transfers. |
