Are you a data protection officer? Are you trying to staff your DPO position? You’ve come to the right place. This DPO Toolkit has a number of resources that should be instrumental in performing what will be a vital role at many organizations inside and outside of the European Union, come May 2018, when the General Data Protection Regulation comes into force.
From a sample job description to research on how much training is required of a DPO to get a baseline of GDPR knowledge, the following set of resources is free for IAPP members and is constantly being updated by Emily Leach, IAPP Content Manager. Looking for something in particular? Email her directly. This toolset will continue to grow and expand.
You may also want to avail yourself of one of the more valuable IAPP member benefits: The IAPP Privacy List. This listserv may deliver a lot of email to your inbox, but that email will be filled with valuable advice from your peers in the privacy and data protection community. See what questions other DPOs are asking and tap into the vast knowledge base that exists amongst the IAPP membership around the globe.
JUST RELEASED! DPO Handbook: Data Protection Officers Under the GDPR
DPO Handbook: Data Protection Officers Under the GDPR provides a comprehensive view of all aspects of the role of Data Protection Officers under the EU’s new General Data Protection Regulation, starting with a look at how organizations determine whether they need a DPO, defining the skills required for the role, and discussing how to source this skillset. The book then describes in detail the various tasks a DPO performs starting from their first day and month on the job and concludes with examples of DPOs performing their role in different types of organizations.
Train to be a DPO
Get DPO Ready with IAPP training, certifications and conferences.
The CIPP/E encompasses pan-European and national data protection laws, key privacy terminology and practical concepts concerning the protection of personal data and trans-border data flows.
The CIPM is the world’s first and only certification in privacy program management. When you earn a CIPM, it shows that you don’t just know privacy regulations—you know how to make it work for your organization. In other words, you’re the go-to person for day-to-day operations when it comes to privacy.
The GDPR Comprehensive 2016 – New York City
Recorded conference available for purchase
Now, bone up on the GDPR with these in-depth resources from the IAPP available in web conference, e-book or article formats.
Spanning hundreds of sections – and with vast territorial scope – the EU General Data Protection Regulation is clearly the most important privacy regulation the world has seen in decades. It asks a great deal of organizations all over the world who collect and process data about European individuals. It imposes hefty fines on those who fail to comply. What do you need to know to get started? What are the initial steps that every organization needs to take to implement the GDPR?
In this three-pa...
The new General Data Protection Regulation (GDPR), put forth by the European Commission in 2012 and finally generally agreed upon by the European Parliament and Council in December 2016, is set to replace the Data Protection Directive 95/46/EC. Although many companies have already adopted privacy processes and procedures consistent with the Directive, the GDPR contains a number of new protections for EU data subjects and threatens significant fines and penalties for non-compliant data controller...
This ebook from the IAPP comprises the series Top 10 operational impacts of the GDPR from The Privacy Advisor. Written by IAPP Research Director Rita Heimes, CIPP/US, and Westin Fellows Gabriel Maldoff, CIPP/US, and Anna Myers, CIPP/US, the series outlines specific provisions of the regulation from consent to breach obligations to enforcement and more.
The General Data Protection Regulation, set to come into force in May of 2018, is a massive, 200-page document that not only creates many new obligations, but also extends the jurisdiction of the European Union to anyone collecting the data of European citizens. Understanding how to comply can be daunting. That's why the IAPP has pulled out the top 10 largest operational impacts so that you can begin tackling the most important issues right now. Hear from an expert panel, featuring current and f...
This webpage contains links to the full text of the GDPR in the official languages of the European Union.
As most privacy professionals know by now, the GDPR will come into force in May of 2018. The list of data governance issues to be tackled is large, with many new requirements for anyone doing business with EU citizens. Many organizations, in fact, will have to appoint a data protection officer with specific tasks and responsibilities. Given these new demands, the IAPP has arranged for DPOs and privacy leaders who run some of the world’s leading privacy programs at organizations in the EU and aro...
The GDPR clearly delineates responsibilities between controllers and processors and contains detailed requirements for controller-processor contracts. It makes very clear that controllers are responsible for ensuring that any processing activities are performed in compliance with the Regulation, whether or not they carry them out themselves. Among other responsibilities, controllers must:
- Carry out DPIAs when the type of processing is “likely to result in a high risk to the rights and freedoms of natural persons” and implement appropriate technical safeguards;
- Assure the protection of data subject rights, such as erasure, reporting and notice requirements, and maintaining records of processing activities;
- Carry out duties to the supervisory authority, such as data breach notification and consultation prior to processing.
Processors mainly have responsibilities to the controller. For example, they must:
- Process data only as instructed by controllers;
- Use appropriate technical and organizational measures to comply with the GDPR;
- Delete or return data to the controller once processing is complete; and
- Submit to specific conditions for engaging other processors.
Check back soon for more on selecting the right processor for you.
This series presents nine elements of a successful vendor-management program and a checklist to help you, the privacy pro, to manage an effective program. Sometimes themes can help us remember information, so for that reason, we’ll use the solar system to guide us through this series: Picture your company as the star around which all vendors revolve—outer space was so much more appealing than an oceanic theme where sharks circle.
1. Mercury—Why Have a Vendor Management Program? As the messenger ...
This draft guidance from the U.K. Information Commissioner’s Office will help controllers understand what needs to be included in contracts with processors under the GDPR and why. It will also help processors to understand their responsibilities and liability.