GDPR Maturity Assessment & Compliance process Check-list
Ezzat Fahmy – Munich Germany

Entities

Data Subject / Natural Person in EU
1. Identifiable directly or indirectly by name, an identification number, location data, an online identifier or by one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity.

Personal Data
1. Any information relating to the data subject
2. Consent: freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her
3. Personal data breach: security breach leading to accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed
4. Genetic data: personal data relating to the inherited or acquired genetic characteristics of a natural person which give unique information about his physiology or health and which result from an analysis of a biological sample from him
5. Biometric data: facial image, fingerprint, palm print
6. Data concerning health

Processing
1. Processing personal data: automated or non-automated operations performed on personal data (such as collecting, recording, structuring, storage, altering, retrieval, consultation, use, transmitting, presenting, making available, etc.)
2. Cross-border processing
3. Restriction of processing: marking personal data to limit processing
4. Profiling: using personal data to evaluate, analyze, predict personal aspects or performance or behavior at work, home, interest, health, economics, location, movement, etc.
5. Pseudonymizing: processing of personal data in such a manner that the personal data can no longer be attributed to a specific person
6. Filing systems: accessible structured personal data, centralized or decentralized or spread geographically
7. Binding corporate rules: personal data protection policies which are adhered to by a controller or processor

Controller or Processor or Recipient
1. A controller: determines the purposes and means of the processing of personal data
2. A processor: processes personal data on behalf of the controller.
3. Recipient: org, person or 3rd party to which personal data is disclosed
4. Main establishment

Check list
Data Subject / Natural Person in EU
Personal Data
Controller or Processor or Recipient
Processing
1. Should be lawful, fair and transparent to the Data-Subject
   1. Data-Subject must have given consent for processing of his personal data for one or more specific purposes
   2. Processing is necessary for a contract the Data-Subject is part of, for compliance, for protecting the interest of the data-subject, for performing tasks important for public authorities, for the interest of the controller except when overridden by interests or fundamental rights and freedoms of the Data-Subject
2. Processing for a purpose other than that for which the personal data have been collected is not based on the data subject’s consent or on a Union or Member State law
   1. Any link between the purposes for which the personal data have been collected and the purposes of the intended further processing
3. Processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation shall be prohibited.
   1. Except when/if the data subject has given explicit consent to the processing of those personal data for one or more specified purposes, except where Union or Member State law provide that the prohibition referred
   2. If necessary for specific rights of the controller or data subject in the field of employment and social security and social protection law
   3. If the data subject is physically or legally incapable of giving consent

1. (purpose limitation) Should be collected for and processed in specified, explicit and legitimate purposes and manners
2. (data minimization) Should be adequate, relevant and limited to the purpose of which they are processed
3. (data accuracy) Should be accurate and up to date which means
4. (data accuracy) inaccurate personal data should be erased or rectified without delay
5. (storage limitation) data kept in a form that permits identification of data subjects
6. (storage limitation) Data kept for no longer than is necessary for the purposes for which the personal data are processed
7. (data integrity and confidentiality) processed in a secured manner protected against accidental loss, destruction or damage

1. (Accountability) The controller shall be responsible for, and be able to demonstrate compliance with, paragraph 1
2. Processing for a purpose other than that for which the personal data have been collected is not based on the data subject’s consent or on a Union or Member State law
3. Controller shall be able to demonstrate that the data subject has consented to processing of his or her personal data
4. The controller shall make reasonable efforts to verify in such cases that consent is given or authorised by the holder of parental responsibility over the child, taking into consideration available technology

1. Data-Subject must have given consent for processing of his personal data for one or more specific purposes
2. Controller shall be able to demonstrate that the data subject has consented to processing of his or her personal data
3. If the data subject’s consent is given in the context of a written declaration which also concerns other matters, the request for consent shall be presented in a manner which is clearly distinguishable from the other matters, in an intelligible and easily accessible form, using clear and plain language.
4. The data subject shall have the right to withdraw his or her consent at any time
5. Where the child is below the age of 16 years, consent is given or authorised by the holder of parental responsibility over the child.
