EU GDPR - A pocket guide, second edition
By Alan Calder
()
About this ebook
EU GDPR – A Pocket Guide, second edition provides an accessible overview of the changes you need to make in your organisation to comply with the new law.
The EU General Data Protection Regulation unifies data protection across the EU. It applies to every organisation in the world that does business with EU residents.
The Regulation introduces a number of key changes for organisations – and the change from DPA compliance to GDPR compliance is a complex one.
This pocket guide sets out:
- A brief history of data protection and national data protection laws in the EU (such as the UK DPA, German BDSG and French LIL).
- The terms and definitions used in the GDPR, including explanations.
- The key requirements of the GDPR
- How to comply with the Regulation
- A full index of the Regulation, enabling you to find relevant Articles quickly and easily.
New for the second edition:
- Updated to take into account the latest guidance from WP29 and ICO.
- Improved guidance around related laws such as the NIS Directive and the future ePrivacy Regulation.
This guide is the ideal resource for anyone wanting a clear, concise primer on the EU GDPR. Buy your copy today.
Alan Calder
Alan Calder is a leading author on IT governance and information security issues. He is the CEO of GRC International Group plc, the AIM-listed company that owns IT Governance Ltd. Alan is an acknowledged international cyber security guru. He has been involved in the development of a wide range of information security management training courses that have been accredited by the International Board for IT Governance Qualifications (IBITGQ). He is a frequent media commentator on information security and IT governance issues, and has contributed articles and expert comment to a wide range of trade, national and online news outlets.
Read more from Alan Calder
Cyber Essentials: A Pocket Guide Rating: 5 out of 5 stars5/5Information Security Risk Management for ISO 27001/ISO 27002, third edition Rating: 4 out of 5 stars4/5PCI DSS: A pocket guide, sixth edition Rating: 0 out of 5 stars0 ratingsInformation Security Risk Management for ISO27001/ISO27002 Rating: 4 out of 5 stars4/5IT Governance: A Pocket Guide Rating: 3 out of 5 stars3/5IT Governance: Implementing Frameworks and Standards for the Corporate Governance of IT Rating: 4 out of 5 stars4/5IT Regulatory Compliance in the UK Rating: 0 out of 5 stars0 ratingsISO/IEC 38500: The IT Governance Standard Rating: 5 out of 5 stars5/5Risk Assessment for Asset Owners Rating: 4 out of 5 stars4/5PCI DSS: A Pocket Guide Rating: 2 out of 5 stars2/5ISO 27001/ISO 27002: A guide to information security management systems Rating: 0 out of 5 stars0 ratingsThe Case for ISO27001:2013 Rating: 1 out of 5 stars1/5PCI DSS: A Pocket Guide, fourth edition Rating: 0 out of 5 stars0 ratingsA concise introduction to the NIS Directive: A pocket guide for digital service providers Rating: 0 out of 5 stars0 ratingsCyber Essentials: A guide to the Cyber Essentials and Cyber Essentials Plus certifications Rating: 0 out of 5 stars0 ratingsThe EU Data Protection Code of Conduct for Cloud Service Providers: A guide to compliance Rating: 0 out of 5 stars0 ratingsIT Governance Critical Issues Series: Cyber Security Rating: 0 out of 5 stars0 ratingsNetwork and Information Systems (NIS) Regulations - A pocket guide for operators of essential services Rating: 0 out of 5 stars0 ratingsSelling Information Security to the Board: A Primer Rating: 0 out of 5 stars0 ratingsCompliance for Green IT: A Pocket Guide Rating: 5 out of 5 stars5/5Nine Steps to Success: North American edition: An ISO 27001 Implementation Overview Rating: 0 out of 5 stars0 ratingsThe Green Office: A Business Guide Rating: 0 out of 5 stars0 ratingsPCI DSS: A Pocket Guide - 3rd edition Rating: 0 out of 5 stars0 ratingsNetwork and Information Systems (NIS) Regulations - A pocket guide for digital service providers Rating: 0 out of 5 stars0 ratingsThe Green Agenda: A Business Guide Rating: 0 out of 5 stars0 ratings
Related to EU GDPR - A pocket guide, second edition
Related ebooks
A Last Minute Hands-on Guide to GDPR Readiness Rating: 0 out of 5 stars0 ratingsEU General Data Protection Regulation (GDPR) – An implementation and compliance guide, fourth edition Rating: 0 out of 5 stars0 ratingsEU GDPR – An international guide to compliance Rating: 0 out of 5 stars0 ratingsIntro to GDPR: A Plain English Guide to Compliance Rating: 0 out of 5 stars0 ratingsData Protection and the Cloud: Are the risks too great? Rating: 4 out of 5 stars4/5Data Protection Officer Rating: 3 out of 5 stars3/5EU General Data Protection Regulation (GDPR), third edition: An Implementation and Compliance Guide Rating: 0 out of 5 stars0 ratingsUltimate GDPR Practitioner Guide (2nd Edition): Demystifying Privacy & Data Protection Rating: 0 out of 5 stars0 ratingsData Protection and Compliance: Second edition Rating: 0 out of 5 stars0 ratingsData Protection Compliance in the UK: A Pocket Guide Rating: 5 out of 5 stars5/5A Practical Guide to IT Law Rating: 0 out of 5 stars0 ratingsGDPR for DevOp(Sec) - The laws, Controls and solutions Rating: 5 out of 5 stars5/5Cybersecurity Law, Standards and Regulations, 2nd Edition Rating: 0 out of 5 stars0 ratingsThe Cyber Security Handbook – Prepare for, respond to and recover from cyber attacks Rating: 0 out of 5 stars0 ratingsSECURITY AND PRIVACY IN AN IT WORLD: Managing and Meeting Online Regulatory Compliance in the 21st Century Rating: 5 out of 5 stars5/5The IT / Digital Legal Companion: A Comprehensive Business Guide to Software, IT, Internet, Media and IP Law Rating: 5 out of 5 stars5/5The California Consumer Privacy Act (CCPA): An implementation guide Rating: 4 out of 5 stars4/5The Ultimate GDPR Practitioner Guide: Demystifying Privacy & Data Protection Rating: 0 out of 5 stars0 ratingsLEGAL ASPECTS OF DATA PROTECTION Rating: 0 out of 5 stars0 ratingsGDPR-standard data protection staff training: What employees & associates need to know by Dr Paweł Mielniczek Rating: 0 out of 5 stars0 ratingsUpcoming Updates In Data Protection: Whistleblowing Channels Rating: 0 out of 5 stars0 ratingsThe Psychology of Information Security: Resolving conflicts between security compliance and human behaviour Rating: 5 out of 5 stars5/5IT Governance Critical Issues Series: Cyber Security Rating: 0 out of 5 stars0 ratingsCyber Security: Essential principles to secure your organisation Rating: 0 out of 5 stars0 ratingsThe Cybersecurity Maturity Model Certification (CMMC) – A pocket guide Rating: 0 out of 5 stars0 ratingsIT Outsourcing Contracts: A Legal and Practical Guide Rating: 3 out of 5 stars3/5The EU Data Protection Code of Conduct for Cloud Service Providers: A guide to compliance Rating: 0 out of 5 stars0 ratingsManaging Cybersecurity Risk: Book 3 Rating: 0 out of 5 stars0 ratingsThe California Privacy Rights Act (CPRA) – An implementation and compliance guide Rating: 0 out of 5 stars0 ratingsNetwork and Information Systems (NIS) Regulations - A pocket guide for digital service providers Rating: 0 out of 5 stars0 ratings
Computer & Internet Law For You
The Ultimate Legal Guide for Bloggers & Website Owners Rating: 0 out of 5 stars0 ratingsThe Twenty-Six Words That Created the Internet Rating: 4 out of 5 stars4/5Data Protection and Compliance: Second edition Rating: 0 out of 5 stars0 ratingsMastering ChatGPT: Business Uses: Podcasts in Print Rating: 2 out of 5 stars2/5Website Law: The Legal Guide for Website Owners and Bloggers Rating: 5 out of 5 stars5/5The United States of Anonymous: How the First Amendment Shaped Online Speech Rating: 4 out of 5 stars4/5Legal Guide to Social Media, Second Edition: Rights and Risks for Businesses, Entrepreneurs, and Influencers Rating: 5 out of 5 stars5/5Augmented Reality Law, Privacy, and Ethics: Law, Society, and Emerging AR Technologies Rating: 0 out of 5 stars0 ratingsToken Economy: How the Web3 reinvents the Internet Rating: 4 out of 5 stars4/5The Ransomware Threat Landscape: Prepare for, recognise and survive ransomware attacks Rating: 0 out of 5 stars0 ratingsThe Snowden Reader Rating: 0 out of 5 stars0 ratingsThe Dark Web: The Unseen Side of the Internet Rating: 0 out of 5 stars0 ratingsCybersecurity Essentials: The Beginner's Guide Rating: 5 out of 5 stars5/5iOS Programming: Starter Guide: What Every Programmer Needs to Know About iOS Programming Rating: 2 out of 5 stars2/5SEO for Beginners: For Beginners Rating: 0 out of 5 stars0 ratingsWhy Hackers Win: Power and Disruption in the Network Society Rating: 0 out of 5 stars0 ratingsThe Basics of Digital Privacy: Simple Tools to Protect Your Personal Information and Your Identity Online Rating: 0 out of 5 stars0 ratingsExposed: How Revealing Your Data and Eliminating Privacy Increases Trust and Liberates Humanity Rating: 0 out of 5 stars0 ratingsThe IT / Digital Legal Companion: A Comprehensive Business Guide to Software, IT, Internet, Media and IP Law Rating: 5 out of 5 stars5/5Legal Guide to Social Media: Rights and Risks for Businesses and Entrepreneurs Rating: 0 out of 5 stars0 ratingsPrivacy’s Blueprint: The Battle to Control the Design of New Technologies Rating: 5 out of 5 stars5/5EU General Data Protection Regulation (GDPR), third edition: An Implementation and Compliance Guide Rating: 0 out of 5 stars0 ratingsA Practical Guide to IT Law Rating: 0 out of 5 stars0 ratingsEU General Data Protection Regulation (GDPR): An Implementation and Compliance Guide Rating: 5 out of 5 stars5/5ISO/IEC 27701:2019: An introduction to privacy information management Rating: 4 out of 5 stars4/5Freedom of expression and the internet: Updated and revised 2nd edition Rating: 0 out of 5 stars0 ratingsDelete: The Virtue of Forgetting in the Digital Age Rating: 4 out of 5 stars4/5Harvard Law Review: Volume 127, Number 3 - January 2014 Rating: 0 out of 5 stars0 ratingsSECURITY AND PRIVACY IN AN IT WORLD: Managing and Meeting Online Regulatory Compliance in the 21st Century Rating: 5 out of 5 stars5/5The Ultimate GDPR Practitioner Guide: Demystifying Privacy & Data Protection Rating: 0 out of 5 stars0 ratings
Reviews for EU GDPR - A pocket guide, second edition
0 ratings0 reviews
Book preview
EU GDPR - A pocket guide, second edition - Alan Calder
reading
INTRODUCTION
Few companies are in favour of further regulation, but it’s generally recognised that it has a role to play in keeping industries honest and protecting the populace at large. There’s also a lot of opposition to particularly strong regulation, so more heavy-handed laws are often developed incrementally, which conveniently reduces the outcry at any given stage. It’s quite rare for a particularly strong regulation to come about all at once: the European Union’s General Data Protection Regulation (GDPR) is one such beast, however.
It’s not that the GDPR is unnecessary, nor that any individual requirement is particularly egregious; rather, much of the challenge is that it came along all at once and potentially affects nearly every organisation in the world. The Regulation is so widely applicable, in fact, that there are likely to be legal arguments and discussions over the coming decade to determine the true extent of its powers¹. Regardless of how well it holds up, every business in Europe – and a substantial number in other jurisdictions – should be prepared to deal with the repercussions.
And those repercussions are not to be sneezed at: organisations found to be in breach of the Regulation can be fined up to €20 million, or four percent of global annual turnover – whichever is greater. Needless to say, there are few companies that would be willing to take a hit of that magnitude when compliance can be achieved much more cheaply.
So, on the face of it, the GDPR is quite a terrifying prospect: it forces every organisation in the EU to increase its compliance spending, significantly impacts how those organisations gather data and how it’s organised, and is backed by the threat of substantial fines. Equally, however, the Regulation aims to tread that line between protecting the rights of the individual and removing barriers to the free movement of personal data within the internal market
. That is, although the Regulation places limits and restrictions on the use and storage of personal data (sometimes called ‘personally identifiable information’, or PII), it does so in the interests of both keeping the EU at the forefront of the modern information economy while creating a ‘level playing field’ among EU Member States.
The organisations that appreciate this distinction – and have acted quickly to resolve issues and to ensure compliance with the Regulation – will be the ones that thrive in an evolving regulatory environment. The GDPR offers significant benefits to organisations operating internationally within the EU: standardised requirements for data protection mean organisations can streamline their processes, which may realise significant efficiency improvements while minimising the risk of compliance issues.
This pocket guide aims to help your organisation thrive under the GDPR by providing you with an understanding of the Regulation, the broader principles of data protection, and what the Regulation means for businesses in Europe and beyond.
There are key terms throughout this book that need to be properly understood to really get to grips with the Regulation. These are defined in Chapter 2 – Terms and definitions.
¹ There’s more on this in Chapter 3 of this guide (The Regulation).
CHAPTER 1: A BRIEF HISTORY OF DATA PROTECTION
The common conception of data protection is a very modern notion. We think of digitally stored databases and records, and we understand the importance of protecting them. It’s obvious: digital records have no physical weight and can be mislaid or stolen without removing the original, and it’s easy to comprehend that such a loss could represent an enormous amount of information. This isn’t the way it’s always been, though, and even today information in other formats needs to be protected.
Possibly the earliest forms of data and privacy protection come from the professions rather than legislation itself. For instance, lawyer-client confidentiality (or legal professional privilege, as it’s called in the UK) is believed to have begun as a sort of contract between a lawyer and their client many decades (and possibly centuries) before it entered into law itself. It was introduced as a way of ensuring that a lawyer could adequately represent their clients’ interests without the client fearing legal repercussions.
Equally, the keeping of medical records and a doctor’s confidentiality were established decades ago, and, although a court could force those records to be handed over, the medical profession otherwise kept them relatively safe. Once again, this was something that the profession handled long before the law moved to codify the practice.
Under these practices, specific silos of personal information were protected according to