ResourceCenter

This data breach response guide, published by Experian, outlines how to create and practice a data breach response plan, along with responding to an actual data breach.View PDF (890 KB)... Read More

This list, published by the European Commission, highlights seven points of preparedness for business in anticipation of the United Kingdom leaving the European Union. Included is a section on the transfer of personal data.View PDF (255 KB)... Read More

This document, published by the European Council, is a call to intensify preparedness at all levels of those that may be affected by the United Kingdom's withdrawal from the European Union, and an outline of the repercussions for citizens, businesses and administrations in both the United Kingdom and the European Union.View PDF (850 KB)... Read More

This guidance document, published by the U.S. Department of Health and Human Services, is intended to assist sponsors, clinical investigators, contract research organizations, institutional review boards, and other interested parties on the use of electronic health record data in FDA-regulated clinical investigations.View PDF (328 KB)... Read More

Under Article 33, paragraph 1, of the EU General Data Protection Regulation, a data controller that has been subject to a personal data breach must report the breach to the proper EU supervisory authority, as defined by Articles 55 and 56. The chart below aims to help you quickly comply with this requirement, compiling information from EU SAs on the way they prefer to be notified of a breach. Country Preferred method for breach notification Form language(s) Additional information ... Read More

Click on the chart below for a printable pdf version with active links. (52KB)  ... Read More

The purpose of this research document, published by Nuno Alexandre Costa, is to define the key drivers for success in General Data Protection Regulation projects. After defining drivers and project success (internal assessment and external perceptions), the paper describes how the initial drivers are linked with project success.View PDF (441 KB)... Read More

This table, published by Fieldfisher, sets out the legal position in relation to e-marketing requirements in Europe. The table provides information on the applicable legislation, and opt-in/opt-out requirements for each member state.View PDF (505 KB)... Read More

The European Commission's issued this 2001 decision on standard contractual clauses for the transfer of personal data to third countries under the former Data Protection Directive. (June 15, 2001)View PDF (1.42 MB)... Read More

Now that the GDPR is in effect, many organizations need data protection officers. However, not all organizations can or need to staff the DPO role in-house — and the regulation does not require organizations to do so; Article 37(6) allows for the data protection officer role to be filled using a service contract. But what should a DPO service contract look like? The IAPP offers this sample document as a starting point for organizations considering the engagement of an external DPO.Read Sample Ag... Read More