Determann’s Field Guide to International Data Privacy Law Compliance

Determann’s Field Guide to International Data Privacy Law Compliance

Lothar Determann

Companies, lawyers, privacy officers, developers, marketing and IT professionals face privacy issues more and more frequently. Much information is freely available, but it can be difficult to get a grasp on a problem quickly, without getting lost in details and advocacy. This is where Determann’s Field Guide to International Data Privacy Law Compliance comes into its own – helping to identify issues and provide concise practical guidance in an increasingly complex field shaped by rapid change in international laws, technology and society.

Checklist: data privacy and security compliance program

Lothar Determann

Subjects: law - academic, information and media law, internet and technology law, law -professional, technology, media and telecommunications law


Checklists can be handy to create agendas for meetings, task lists for projects and guidance for a quick health check on an organization’s compliance status. They should not create a false sense of completeness though. With the following checklist, you should be able to determine major gaps and get a discussion about compliance going. 1. Who is in charge of data privacy and security compliance in the organization? Determine whether your company should appoint a Chief Privacy Officer and/or local liaisons, and whether you are legally required to appoint data protections officers Are all stakeholders instructed and trained regarding their responsibilities, in particular: ♦ Information technology department (regarding data security, retention and access restrictions) ♦ Premises security ♦ Human resources department (regarding employee files, HRIS, monitoring, whistleblower hotline) and ♦ Sales and marketing personnel (regarding direct marketing)? 2. What does the company do to keep data secure? Do you have a security policy that describes sufficient physical, technological and organizational data security measures, e.g., database access controls and device encryption? Are all employees familiar with the policy and actually complying with it? Are service providers carefully selected and monitored with respect to data security and are appropriate contracts in place? Are you prepared for a data security breach with respect to notice and compensation requirements under law and contracts? Do you have a data retention and deletion program in place that ensures that data is securely discarded after it is no longer needed or legal to store? DETERMANN PRINT.indd 145 06/07/2012 13:43 146...

You are not authenticated to view the full text of this chapter or article.

Elgaronline requires a subscription or purchase to access the full text of books or journals. Please login through your library system or with your personal username and password on the homepage.

Non-subscribers can freely search the site, view abstracts/ extracts and download selected front matter and introductory chapters for personal use.

Your library may not have purchased all subject areas. If you are authenticated and think you should have access to this title, please contact your librarian.

Further information