<abstract xmlns="http://www.w3.org/1999/xhtml">

<p>New quality that has been delivered by the provisions of General Data Protection Regulation (GDPR) (EU) 2016/679 is intended to secure a higher level of safety for personal data processing operations. The following elaboration was produced as an attempt to address the questions regarding practical methods of implementation for the indispensable mechanism of GDPR compliance. The guidelines contained in the article are supposed to be helpful in enhancing the safety level for processed personal data. Theoretical and legal studies over the status and functioning of the valid legislation with reference to the practical application of personal data processing procedures have been applied in the article. The main sources of knowledge included valid legal acts, opinions from Article 29 Working Party, technical norms as well as available general knowledge. The outcomes of the said studies indicated the complexity of the issue and established the necessity to continue further studies in practical implementation methods, such as the national and European mechanism of certification or sector codes of good practices.</p>
</abstract>

New quality that has been delivered by the provisions of General Data Protection Regulation (GDPR) (EU) 2016/679 is intended to secure a higher level of safety for personal data processing operations. The following elaboration was produced as an attempt to address the questions regarding practical methods of implementation for the indispensable mechanism of GDPR compliance. The guidelines contained in the article are supposed to be helpful in enhancing the safety level for processed personal data. Theoretical and legal studies over the status and functioning of the valid legislation with reference to the practical application of personal data processing procedures have been applied in the article. The main sources of knowledge included valid legal acts, opinions from Article 29 Working Party, technical norms as well as available general knowledge. The outcomes of the said studies indicated the complexity of the issue and established the necessity to continue further studies in practical implementation methods, such as the national and European mechanism of certification or sector codes of good practices.

Practical Methods of Implementation for the Indispensable Mechanism of GDPR Compliance

Wroclaw Review of Law, Administration & Economics

This work is licensed under the Creative Commons Attribution 4.0 International License.

New quality that has been delivered by the provisions of General Data Protection Regulation (GDPR) (EU) 2016/679 is intended to secure a higher level of safety...

Activity	Description confirming the preparation
Performing the process risk analysis, including the inventory of assets
Developing the scenarios for potential threats
Developing the major continuity plan together with the appendices, compliant to ISO 22301
Determination of the level of accepted risk together with the specification of potential losses, e.g., the threat of privacy loss by the data subjects
Reconstruction of the processes to provide continuity
Preparation of the plan for changes in the solutions possessed
Preparation and testing of emergency plans/procedures
Appointing and training of staff
Testing for the procedures accepted
Evaluation of procedure appropriateness for the maintenance of operating continuity

Practical Methods of Implementation for the Indispensable Mechanism of GDPR Compliance

Data publikacji: 16 kwi 2022

Zakres stron: 31 - 47

DOI: https://doi.org/10.2478/wrlae-2021-0013

© 2021 Michał Bańka et al., published by Sciendo

This work is licensed under the Creative Commons Attribution 4.0 International License.

Figure 1

Figure 2

Managing the continuity of operations – a permanent process (a template)