Category GDPR Handbook

My latest book – pre-order NOW!

The GDPR Handbook is a thorough introduction to the EU General Data Protection Regulation. It covers in detail how companies of all sizes need to operate within the GDPR requirements and how to deal with information security and risk, and specifically addresses the key duties and responsibilities of the Data Protection Officer.

Using the latest research, this book will help Data Protection Officers and businesses carry out Data Protection Impact Assessments, create and enforce data protection policies, train staff and manage data protection teams. The GDPR Handbook is the ultimate, jargon-free guide for any company or organization to interpret GDPR into clear, actionable steps.

Table Of Contents

    • Chapter – 01: ‘Speed read’ of General Data Protection Regulation 2016/679 (GDPR);
    • Ch...

US companies are behind the curve on understanding how GDPR impacts their businesses

There’s an eerie lack of awareness about the impact of the GDPR on US businesses that target consumers in the European Union. According to recent research by the IAPP, complexity of laws, inadequate budget and too little time combined with the lack of qualified and trained staff have conspired to perpetuate this lack of readiness by US companies.

Here in Europe, many companies and organisations have been bracing themselves for the biggest shake-up in data protection, privacy and security for over two decades that’s fully effective from 25 May 2018 – in 13 days’ time.

I’ve been in conversations with senior US-executives who’ve boldly told me that the “GDPR doesn’t apply to them” and in any event they can rely on ‘legitimate interest’ to continue to market goods and services and monitor t...


‘Surveillance Capitalism’ – will it survive post-GDPR?

Facebook and Cambridge Analytica now face a series of class actions for ‘surveillance capitalism’ in the US – will this open the floodgates for similar legal actions across the world?

Class Action Complaint Case No. 18-cv-02276 has been brought by Patricia King (Plaintiff) in the US District Court for the Northern District of California and has asked for trial by jury.

The class action reads as follows:

1. Facebook is a social networking platform that engages in surveillance capitalism: It monetizes personal and behavioral data which it acquires through real-time surveillance of Facebook users. (see Shoshana Zuboff, Big Other: Surveillance Capitalism and the Prospects of an Information Civilization, 30 J. Info. Tech. 75 (Apr. 4, 2015), available at http://ssrn.com/abstract=2594754).

2...


The joys of data hygiene

Unfortunately, the article in the current edition of my favourite business newspaper The Economist in explaining the GDPR was riddled with errors. Tut tut!

Here’s an example: “Data Subjects can demand a copy of the data held on them (data portability) …” which as we all know is a subject access request (SAR) and isn’t an absolute right under the GDPR.

Another error in the article on GDPR is the bold assertion: “The GDPR is prescriptive about what organisations have to do to comply.”

Er, no it isn’t. Few bits go into detail, like the requirements for a data protection impact assessment (Art.35, GDPR) or a subject access request (Art. 15, GDPR).

The GDPR is a deliberate move away from a ‘tick-box’ approach of the Data Protection Directive 95/46/EC that it replaces and moves to a risk-ba...


Follow the leader. Why the US needs to learn the lessons of data protection from Europe


Written for a new type of Superhero!

Published globally by Kogan Page and available on Amazon from 3 June 2018. Price: £49.99/$85.00. Foreword written by Elizabeth Denham, UK Information Commissioner.

Contents:

    • (1) Speed read of the GDPR
    • (2) The role of the Data Protection Officer
    • (3) The gap between policy, company appetite and reality
    • (4) Upward and downward communication
    • (5) Identifying risks
    • (6) Sanctions, compliance and fines
    • (7) The Data Protection Impact Assessment
    • (8) Privacy and Security Breach Management
    • (9) Managing the Value Chain
    • (10) Introducing Data Protection by Design and by Default
    • (11) Contracting out personal data processing
    • (12) Data incident breach: obligations, implications and management
    • (13) Security standards
    • (14) Implementing Data Protection by Design and by Default
    • (15) Technical security measures...
