Privacy & Data Protection Essentials Courseware - English

Book ID: 1620659. Price: 7112,18 RUB (70,97$). E-book. Genre: Educational literature. Rights holder and/or publisher: Ingram. ISBN: 9789401804592. Age restriction: 0+.


Book description

Besides the publication Privacy & Data Protection Essentials Courseware – English (ISBN: 978 940 180 457 8), you are advised to obtain the publication EU GDPR, A pocket guide (ISBN: 978 178 778 064 4).

Privacy & Data Protection Essentials (PDPE) covers essential subjects related to the protection of personal data. Candidates benefit from a certification that is designed to impart all the required knowledge to help ensure compliance with the General Data Protection Regulation (GDPR). This regulation affects every organization that processes European Union personal data. Wherever personal data is collected, stored, used, and finally deleted or destroyed, privacy concerns arise. With the European Union GDPR, the Council of the European Union attempts to strengthen and unify data protection for all individuals within the European Union. Within the European Union, regulations and standards regarding the protection of data are stringent. The GDPR came into effect in May 2016 and organizations had until May 2018 to change their policies and processes to ensure that they fully comply with the GDPR. Companies outside Europe also need to comply with the GDPR when doing business in Europe. One of the solutions to comply with the GDPR is to train and qualify staff. Certified professionals with the right level of knowledge will help your organization to comply with the GDPR. The EXIN Privacy & Data Protection program covers the required knowledge of legislation and regulations relating to data protection and how this knowledge should be used to be compliant. The EXIN Privacy & Data Protection Essentials is part of the EXIN qualification program Privacy and Data Protection.

Table of contents

Ruben Zeegers. Privacy & Data Protection Essentials Courseware - English

Colofon

About the Courseware

Other publications by Van Haren Publishing

Table of content

Self-Reflection of understanding Diagram

Timetable

1. Overview

Scope

Summary

Context

Target group

Requirements for certification

Examination details

Bloom level

Training. Contact hours

Indication study effort

Training organization

2. Exam requirements

3. List of Basic Concepts

4. Literature. Exam literature

Comment

Literature matrix

Introduction

Sample Exam. 1 / 20 The illegal collection, storage, modification, disclosure or dissemination of personal data is an offence by European law

2 / 20 How are privacy and data protection related to each other?

3 / 20 The word 'privacy' is not mentioned in the GDPR

4 / 20 The GDPR is related to personal data protection

5 / 20 Which information is regarded as personal data according to the GDPR?

6 / 20 Which right of data subjects is explicitly defined by the GDPR?

7 / 20 “An independent public authority which is established by a Member State pursuant to Article 51.”

8 / 20 Which role in data protection determines the purposes and means of the processing of personal data?

9 / 20 'Informed consent' is a lawful basis to process personal data under the GDPR. The purpose of the processing for which consent is given should be documented

10 / 20 The processing of personal data has to meet certain quality requirements

11 / 20 “The controller shall implement appropriate technical and organizational measures for ensuring that (...) only personal data which are necessary for each specific purpose of the processing are processed.”

12 / 20 What is the term used in the GDPR for unauthorized disclosure of, or access to, personal data?

13 / 20 A social services organization plans to design a new database to administrate its clients and the care they need

14 / 20 A Dutch controller has contracted the processing of sensitive personal data out to a processor in a North African country, without consulting the supervisory authority. It was discovered and he was penalized by the supervisory authority. Six months later the authority finds out that the controller is guilty of the same transgression again for another processing operation

15 / 20 Supervisory Authorities are assigned a number of responsibilities aimed at making sure data protection regulations are complied with

16 / 20 Binding corporate rules are a means for organizations to ease their administrative burden when complying with the GDPR

17 / 20 What should be done so that a Controller is able to outsource the processing of personal data to a Processor?

18 / 20 Often staff that works with personal data consider privacy and information security as separate issues

19 / 20 Session cookies are one of the most common types of cookie

20 / 20 Sometimes websites track visitors and store their information for marketing purposes

Answer Key. 1 / 20 The illegal collection, storage, modification, disclosure or dissemination of personal data is an offence by European law

2 / 20 How are privacy and data protection related to each other?

3 / 20 The word 'privacy' is not mentioned in the GDPR

4 / 20 The GDPR is related to personal data protection

5 / 20 Which information is regarded as personal data according to the GDPR?

6 / 20 Which right of data subjects is explicitly defined by the GDPR?

7 / 20 “An independent public authority which is established by a Member State pursuant to Article 51.”

8 / 20 Which role in data protection determines the purposes and means of the processing of personal data?

9 / 20 'Informed consent' is a lawful basis to process personal data under the GDPR. The purpose of the processing for which consent is given should be documented

10 / 20 The processing of personal data has to meet certain quality requirements

11 / 20 “The controller shall implement appropriate technical and organizational measures for ensuring that (...) only personal data which are necessary for each specific purpose of the processing are processed.”

12 / 20 What is the term used in the GDPR for unauthorized disclosure of, or access to, personal data?

13 / 20 A social services organization plans to design a new database to administrate its clients and the care they need

14 / 20 A Dutch controller has contracted the processing of sensitive personal data out to a processor in a North African country, without consulting the supervisory authority. It was discovered and he was penalized by the supervisory authority. Six months later the authority finds out that the controller is guilty of the same transgression again for another processing operation

15 / 20 Supervisory Authorities are assigned a number of responsibilities aimed at making sure data protection regulations are complied with

16 / 20 Binding corporate rules are a means for organizations to ease their administrative burden when complying with the GDPR

17 / 20 What should be done so that a Controller is able to outsource the processing of personal data to a Processor?

18 / 20 Often staff that works with personal data consider privacy and information security as separate issues

19 / 20 Session cookies are one of the most common types of cookie

20 / 20 Sometimes websites track visitors and store their information for marketing purposes

Evaluation

Preface

I. Privacy fundamentals. 1 Definitions and historical context

1.1 The history of data protection regulations

1.1.1 Data Protection history in ‘birds view’

1.1.2 Regulation versus Directive

1.1.3 Status of the GDPR until 25 May 2018

1.2 Material and territorial scope of the GDPR. 1.2.1 Material scope

1.2.2 Territorial scope

1.3 Definitions

1.3.1 Privacy

1.3.2 Data Protection

1.3.3 Personal Data

1.3.4 Natural person

1.3.5 Direct, indirect, pseudonymized personal data

1.3.5.1 Direct personal data

1.3.5.2 Indirect personal data

1.3.5.3 Pseudonymized personal data

1.3.6 Special personal data

1.3.7 Processing

1.4 Roles, responsibilities, stakeholders. 1.4.1 Controller

1.4.2 Processor

1.4.3 Data Protection Officer (DPO)

1.4.3.1 Tasks of the DPO

1.4.4 Recipient

1.4.5 Third party

2 Processing of personal data

2.1 Data processing principles

2.1.1 Lawfulness, fairness and transparency

2.1.2 Purpose limitation

2.1.3 Data minimization

2.1.4 Accuracy

2.1.5 Storage limitation

2.1.6 Integrity and confidentiality

2.1.7 Accountability

3 Legitimate grounds and purpose limitation. 3.1 Legitimate grounds for processing

3.1.1 Purpose limitation & purpose specification

3.1.1.1 Specified

3.1.1.2 Explicit

3.1.1.3 Legitimate

3.1.2 Proportionality and subsidiarity

3.1.2.1 Subsidiarity

3.1.2.2 Proportionality

4 Rights of data subjects

4.1 Transparent information, communication and modalities

4.2 Information on and access to personal data. 4.2.1 Information to be provided to the data subject

4.2.2 Additional information to be provided

4.3 Right of access (inspection) by the data subject

4.4 Rectification and erasure. 4.4.1 Right to rectification

4.4.2 Right to erasure (‘right to be forgotten’)

4.4.3 Right to restriction of processing

4.4.4 Notification obligation (rectification / erasure / restriction of processing)

4.4.5 Right to data portability

4.5 Right to object and automated individual decision-making. 4.5.1 Right to object

4.5.2 Automated individual decision-making, including profiling

4.5.3 Right to lodge a complaint with a supervisory authority

5 Data breaches and related procedures. 5.1 The concept of data breach

5.2 Procedures on how to act when a data breach occurs

5.2.1 Notification of a personal data breach to the supervisory authority

5.2.2 Notification of a personal data breach to the controller

5.2.3 Notification of a personal data breach to the data subject

5.2.3.1 Encryption, etc

5.2.3.2 Mitigating measures

5.2.3.3 Disproportionate effort

5.3 Categories of data breaches

II. Organizing data protection. 6 Importance of data protection for the organization

6.1 Requirements to comply to the GDPR

6.1.1 Principles relating to processing of personal data are met

6.1.2 Legal structure

6.1.3 Impact assessment

6.1.4 Controller – processor contract

6.1.5 Prior consultation

6.2 Required types of administration. 6.2.1 Record of processing activities

6.2.2 Record of data breaches

7 Supervisory authorities

7.1 General responsibilities of a supervisory authority

7.1.1 To monitor and enforce the application of the Regulation

7.1.2 To advise and promote awareness

7.1.3 To administrate data breaches and other infringements

7.1.4 To set standards

7.1.4.1 Processing requiring DPIA

7.1.4.2 Code of conduct, certification

7.1.4.3 Standard contractual clauses, binding corporate rules and - contracts

7.1.5 To cooperate with other supervisory authorities and the EDPS

7.2 Roles and responsibilities related to data breaches

7.3 Powers of the supervisory authority in enforcing the GDPR

7.3.1 Investigative powers of the supervisory authority

7.3.2 Corrective powers of the supervisory authority

7.3.3 General conditions for imposing administrative fines

7.3.3.1 Proportionate

7.3.3.2 Dissuasive

7.4 Cross-border data transfer. 7.4.1 ‘One-stop-shop’

7.4.2 ‘Cross border processing’

7.4.3 Multinational company

7.4.4 Internationally operating company

7.4.5 ‘substantially affect’

7.5 Regulations applying to data transfer inside the EEA. 7.5.1 Identifying the lead supervisory authority

7.5.2 Regulations applying to data transfer outside the EEA

7.5.2.1 Transfers on the basis of an adequacy decision

7.5.2.2 Transfers subject to appropriate safeguards

7.5.2.3 Binding corporate rules (BCR)

7.5.3 Transfers or disclosures not authorized by Union law

7.5.4 Regulations applying to data transfer between the EEA and the USA

III. Practice of data protection. 8 Quality aspects. 8.1 Data Protection by design and by default

8.1.1 The seven principles of data protection by design

8.1.1.1 Proactive not Reactive; Preventative not Remedial

8.1.1.2 Data Protection as the Default Setting

8.1.1.3 Privacy Embedded into Design

8.1.1.4 Full Functionality — Positive-Sum, not Zero-Sum

8.1.1.5 End-to-End Security — Full Lifecycle Protection

8.1.1.6 Visibility and Transparency — Keep it Open

8.1.1.7 Respect for User Privacy — Keep it User-Centric

8.1.2 Benefits of the application of the principles of Privacy by design and privacy by default

8.2 Written contracts between the controller and the processor

8.2.1 Clauses of such a written contract

8.2.1.1 Example

8.3 Data Protection impact assessment (DPIA)

8.3.1 Objectives of a DPIA

8.3.2 Topics of a DPIA report

8.4 Data Life Cycle (DLC) management

8.4.1 Purpose of DLC

8.4.2 Understanding the data stream(s)

8.4.2.1 Data collection

8.4.2.2 Permissions structure

8.4.2.3 Build in retention / deletion rules

8.5 Data protection audit

8.5.1 Purpose of an audit

8.5.1.1 Adequacy audit

8.5.1.2 Compliance Audit

8.5.2 Contents of an audit plan

8.6 Practice related applications of the use of data, marketing and social media. 8.6.1 The use of social media information in marketing activities

8.6.2 Use of internet in the field of marketing

8.6.3 Cookies

8.6.3.1 Session cookies

8.6.3.2 Persistent cookies

8.6.3.3 Tracking cookies

8.6.4 Other profiling info: the price of ‘free’ services

8.6.5 The data protection perspective

8.6.5.1 Cookies

8.6.5.2 Profiling

8.7 Big data

Excerpt from the book

Privacy & Data Protection Essentials Courseware – English

Although this publication has been composed with much care, neither author, nor editor, nor publisher can accept any liability for damage caused by possible errors and/or incompleteness in this publication.

.....

1.5.2 is aware of the right to be forgotten.

1.6 Data Breach and Related Procedures

.....
