1. Overview
   
2. Preface: Major highlights of GDPR
   
3. Data protection management and governance activities
   
   1. DPMG Activity 1: Appoint data controller
      
   2. DPMG Activity 2: Assign data protection officer (DPO) 
      
   3. DPMG Activity 3: Satisfy data protection principles 
      
   4. DPMG Activity 4: Appoint data processor 
      
   5. DPMG Activity 5: Train staff on data protection 
      
   6. DPMG Activity 6: Enable the rights of data subjects
      
   7. DPMG Activity 7: Demonstrate compliance with GDPR 
      
4. Managing information security and privacy risks
   
   1. DPIP Activity 1: Maintain data privacy protection and information security policies and procedures
      
   2. DPIP Activity 2: Establish a data protection incident and breach response process
      
   3. DPIP Activity 3: Execute a data protection impact assessment (DPIA) for systems, projects, processes and products
      
   4. DPIP Activity 4: Implement data protection by design and by default in systems, processes and products
      
   5. DPIP Activity 5: Issue reports on data protection management issues 
      
5. Integrating data protection into business functions
   
   1. DPI Activity 1: Integrate data protection in all business functions 
      
   2. DPI Activity 2: Integrate data protection into it application systems and infrastructure
      
   3. DPI Activity 3: Integrate data protection in digital devices
      
   4. DPI Activity 4: Integrate data protection in practices related to monitoring employees’ communications 
      
6. Recommended good practices
   
7. Appendix 1: GDPR definitions
   
8. Appendix 2: Board responsibilities
   
9. Appendix 3: Data protection team improvement plan
   
10. Appendix 4: Technical and organizational data protection measures
    
11. Appendix 5: Controller-Processor agreement
    
12. Bibliography
    

‘The CEO’s Guide to GDPR Compliance’ e-Book 
This guide contains a sample of measures and controls to support your senior management accountability responsibilities in meeting the privacy compliance requirements and obligations of the new European General Data Protection Regulation (GDPR) for your company or organization.

About the author

John Kyriazoglou obtained a B.A. (Honours) from the University of Toronto, Canada, also earning a Scholastic award for Academic Excellence in Computer Science. John has worked in Canada, England, Greece and other countries for over 35 years, as a Senior IT manager, Managing Director, IT auditor and consultant, in a variety of clients and projects, in both the private and the public sectors. He has published several books and articles in professional publications, has served in numerous scientific committees and is a member of several professional and cultural associations.

He is currently the Editor-in-Chief for the Internal Controls Magazine (U.S.A.).

John can be contacted at: jkyriazoglou@hotmail.com.

Learn more about John by clicking on the following links:

SSRN at: http://ssrn.com/author=1315434

LinkedIn Profile: http://www.linkedin.com/pub/john-kyriazoglou/0/9b/919

Facebook: https://www.facebook.com/john.kyriazoglou.9

Twitter: https://twitter.com/jkyriazoglou

Slideshare: http://www.slideshare.net/jkyriazoglou