Published:
December 24, 2019

GDPR For Dummies

Overview

Don’t be afraid of the GDPR wolf!

How can your business easily comply with the new data protection and privacy laws and avoid fines of up to $27M (the regulation itself caps administrative fines at €20M or 4% of worldwide annual turnover, whichever is higher)? GDPR For Dummies sets out in simple steps how small business owners can comply with the complex General Data Protection Regulation (GDPR). The regulation applies to all businesses established in the EU, and to businesses established outside the EU insofar as they process personal data about people within the EU.

Inside, you’ll discover how GDPR applies to your business in the context of marketing, employment, providing your services, and using service providers. Learn how to avoid fines, regulatory investigations, customer complaints, and brand damage, while gaining a competitive advantage and increasing customer loyalty by putting privacy at the heart of your business. 

  • Find out what constitutes personal data and special category data
  • Gain consent for online and offline marketing
  • Put your Privacy Policy in place
  • Report a data breach before being fined

79% of U.S. businesses haven’t figured out how they’ll report breaches in a timely fashion, provide customers the right to be forgotten, conduct privacy impact assessments, and more. If you are one of those businesses that hasn't put a plan in place, then GDPR For Dummies is for you.


About The Author

Suzanne Dibble is a business lawyer who has advised huge multi-national corporations, private equity-backed enterprises, and household names. Since 2010 she has focused on small businesses, combining her knowledge of large organizations with a deep appreciation for entrepreneurship, especially online businesses, to provide practical, relevant advice. See more at suzannedibble.com

Sample Chapters


CHEAT SHEET

The General Data Protection Regulation (GDPR) was designed to streamline data protection laws across Europe as well as provide for some consistency across the European Union (EU). Although it's been in place since May 2018, it still causes a lot of confusion. This cheat sheet answers some questions about a few major misunderstandings: Does the GDPR apply to non-EU organizations?


Articles from the book

If you’re looking to hire a data protection officer, or you’re considering a new career in data protection as a DPO, this list of ten must-have skills for DPOs may prove helpful. Many company executives believe that they can hire a fairly junior IT specialist or assign the office manager (or another existing generalist staff member) to fulfill the role of DPO.
Human error causes the vast majority of data breaches. This makes it absolutely essential that you, as a data controller or processor, provide all relevant staff with suitable training on data protection matters. In fact, Article 39 of the General Data Protection Regulation (GDPR) provides that the data protection officer (DPO) shall provide staff involved in processing operations with training in data protection matters.
If you are relying on the lawful ground of consent to process personal data, you generally will need to use opt-in wording to obtain that consent. In some cases you will need explicit-consent opt-in wording (if you are processing special category data, for example). If, however, you are instead relying on legitimate interests to process personal data (always checking that the ePrivacy Directive does not require consent), then you do not need an opt-in, but you must offer an opt-out.
One of the key elements that underpins the General Data Protection Regulation (GDPR) is how you, as a data controller or a data processor, secure and protect the personal data you collect, store, and process. Data security isn’t just an IT issue — it affects every area of your operations, and it involves everyone at every level of your business.
To process personal data, you need to have lawful grounds for processing, as provided for in the General Data Protection Regulation (GDPR). Consent is likely to be the appropriate ground where you want to offer a real choice to people — for example, whether they want to receive your marketing emails. Many people think that GDPR is all about consent, but that isn’t true; consent is just one of six potential lawful grounds for processing personal data.
Your privacy notice must be as user friendly and as understandable to the data subject as possible, which is often a difficult task when it has to include detailed information and references to complex legislation. Supervisory authorities encourage you to use the following elements (perhaps with icons to draw attention) to communicate your privacy notice to data subjects. Layered privacy notice: this layout makes the text easier to read and understand by “chunking” it underneath collapsible headings that can be expanded to reveal more information, as shown in the figure in the article.
The function of your cookie policy is to provide clear and comprehensive information to your website users about the cookies you’re using and what type of cookies they are (functional or session, for example). Assess your cookies: to create your cookie policy, you need to know what cookies you’re using on your website and what their purpose is.
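The cookie assessment above starts with an inventory of what your site actually sets. The following is an added example, not code from the book or from the author, showing one way to build that inventory from Set-Cookie response headers: each cookie is classified as session or persistent (the distinction the policy has to explain), its Domain is compared against your own host to separate first-party from third-party cookies, and any missing Secure, HttpOnly or SameSite attribute is flagged for the security review that usually accompanies the policy work. The three header values are constructed samples, and `www.example.com` is an assumed site host; in practice you would feed in headers captured from your own responses.

```python
"""Cookie inventory helper for a cookie-policy assessment (added example, not the book's code)."""
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class CookieRecord:
    name: str
    persistent: bool            # Expires or a positive Max-Age: the cookie survives browser close
    max_age: Optional[int]      # seconds, when Max-Age is given
    expires: Optional[str]      # raw Expires value, when given
    domain: Optional[str]       # Domain attribute (None means a host-only cookie)
    path: str
    secure: bool
    http_only: bool
    same_site: Optional[str]


def parse_set_cookie(header: str) -> CookieRecord:
    """Parse one Set-Cookie header value into a CookieRecord.

    Attributes are separated by ';' so an Expires date containing a comma is safe to split on.
    """
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs: Dict[str, Optional[str]] = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip() if value else None
    max_age_raw = attrs.get("max-age")
    max_age = int(max_age_raw) if max_age_raw and max_age_raw.lstrip("-").isdigit() else None
    expires = attrs.get("expires")
    # Max-Age <= 0 is an instruction to delete the cookie, not a persistent cookie.
    persistent = expires is not None or (max_age is not None and max_age > 0)
    return CookieRecord(
        name=name,
        persistent=persistent,
        max_age=max_age,
        expires=expires,
        domain=attrs.get("domain"),
        path=attrs.get("path") or "/",
        secure="secure" in attrs,
        http_only="httponly" in attrs,
        same_site=attrs.get("samesite"),
    )


def is_third_party(domain: Optional[str], site_host: str) -> bool:
    """A cookie is first-party if it is host-only or its Domain attribute covers site_host."""
    if domain is None:
        return False
    d = domain.lstrip(".").lower()
    host = site_host.lower()
    return not (host == d or host.endswith("." + d))


def missing_security_attributes(rec: CookieRecord) -> List[str]:
    """Security attributes a reviewer would expect on a cookie and that are absent."""
    missing: List[str] = []
    if not rec.secure:
        missing.append("Secure")
    if not rec.http_only:
        missing.append("HttpOnly")
    if rec.same_site is None:
        missing.append("SameSite")
    return missing


def cookie_inventory(headers: List[str], site_host: str) -> List[Dict[str, object]]:
    """Turn raw Set-Cookie headers into rows suitable for a cookie-policy table."""
    rows: List[Dict[str, object]] = []
    for h in headers:
        rec = parse_set_cookie(h)
        if rec.expires is not None:
            lifetime = rec.expires
        elif rec.max_age is not None:
            lifetime = f"{rec.max_age}s"
        else:
            lifetime = "browser session"
        rows.append({
            "name": rec.name,
            "kind": "persistent" if rec.persistent else "session",
            "lifetime": lifetime,
            "domain": rec.domain or site_host,
            "third_party": is_third_party(rec.domain, site_host),
            "missing": missing_security_attributes(rec),
        })
    return rows


# Constructed sample headers (not captured from any real site); www.example.com is the assumed host.
SAMPLE_HEADERS = [
    "sessionid=abc123; Path=/; HttpOnly; Secure; SameSite=Lax",
    "_ga=GA1.2.1; Expires=Thu, 01 Jan 2026 00:00:00 GMT; Domain=.example.com; Path=/",
    "ads_id=xyz; Max-Age=31536000; Domain=.tracker.example.net; Secure",
]

if __name__ == "__main__":
    for row in cookie_inventory(SAMPLE_HEADERS, "www.example.com"):
        print(row)
```

The inventory only tells you what is set and for how long; the purpose of each cookie, which the policy must also state, still has to come from whoever owns the code or the third-party tag that sets it.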
You should include opt-in wording wherever you are collecting personal data and relying on consent as your lawful grounds for processing, unless it is clearly obvious from the circumstances that, by providing personal data, the data subject will be consenting. You will typically see opt-in wording presented within just-in-time notices.
One aim of the General Data Protection Regulation (GDPR), which came into effect on May 25, 2018, was to harmonize data protection laws across Europe — so its legal form is a regulation (an order that must be executed) as opposed to a directive (a result to achieve, though the means to achieve aren’t dictated).
A Data Subject Access Request, or DSAR, is a written request made by the data subject for information they’re entitled to ask for under the General Data Protection Regulation (GDPR). Don’t confuse a DSAR with a request under the Freedom of Information Act (FOIA) or similar legislation in other jurisdictions where data can be requested from a public authority.
