Take it easy!

There’s a lot of confusion on how companies and organizations should implement the GDPR. This book, written in colloquial English, dispels the myth it’s all too difficult!

There’s a golden opportunity to do more – not less – with personal data by building deeper digital trust. The book explains how best to go about putting in place organisational and technical measures that add real value and enhance reputation and build deeper digital trust with customers, clients, supporters and employees.

The book is about joining the dots on business continuity, risk and technology.

In the foreword to the GDPR Handbook, Liz Denham, Information Commissioner UK writes:

“I often say that GDPR is a game-changer – that it moves data protection from the back room to the boardroom. I’m sure I’m not alone in recalling a career in data protection as a rather lonely, niche affair at times. Much like my own experience in Canada, the UK’s data protection community was traditionally a small group of enthusiastic and knowledgeable people ready to help each other out to raise standards.

“People like Ardi Kolah, who flew the flag for data protection many years before it broke into the mainstream with the arrival of GDPR. And what an arrival that has been. The profile of data protection issues continues to rise and with that an understanding from organisations, public and private, that data protection skills are an essential element of modern workplaces.

“Therefore I am pleased to take the opportunity to introduce Ardi’s GDPR Handbook. This Handbook is a useful and practical guide for Data Protection officers and others assigned with understanding and implementing the new data protection regime.

“This handbook arrives at a pivotal time for data protection and privacy. The laws we regulate are converging globally, consumer and citizen trust is ever more central to both business and the public sector, and a rapidly expanding digital economy is asking more questions of us all.

“UK citizens are better informed about their information rights than ever before. But alongside that increased awareness of the law, a lot of people feel they’ve lost control of their own data and that impacts their trust in organisations. For me, the end game in the data protection field is always about increasing public trust and confidence in how their personal data is used. And the way our personal information is handled has never been more important.

“Which of us doesn’t consider ourselves a citizen of the digital world today? Whether it’s the digital services we see every day on our phones and tablets, or the digital infrastructure that underpins everything from banking to manufacturing. Technology is moving so fast. And consumer trust needs to follow it. That’s why the law needed to be rebooted for the digital age. The GDPR builds on the previous legislation, it provides more protections for consumers, and more privacy considerations for organisations. But this is a step-change. It’s evolution, not revolution.

“There are specific new obligations for organisations, for example around reporting data breaches and transferring data across borders. But the real change for organisations is understanding the new rights for consumers. They’ll have the right to request that personal data be deleted or removed if there’s no compelling reason for an organisation to carry on processing it, and new rights around data portability and how they give consent.

“It’s vital that organisations are prepared to comply but they can also prosper in the new regulatory landscape. If your organisation can demonstrate that good data protection is a cornerstone of your business policy and practices, you’ll see a real business benefit.

“An upfront investment in data protection skills offers a payoff down the line; respectful and responsible use of personal data is simply good business and good government. Whether that means attracting more customers or more efficiently meeting pressing public policy needs, I believe there is a real opportunity for organisations to present themselves on the basis of how they understand and respect the privacy of individuals. And they can only do that with the properly skilled staff in place.

“I trust that Ardi’s efforts on this handbook will assist data protection practitioners in building this essential skills base. Ardi and others of his generation often walked a rather lonely path in their efforts to have data protection taken seriously by the mainstream. I know that with his authoritative handbook by their sides, a new generation of practitioners will embark down a far less lonely path towards their own data protection careers.”

Bruno Gencarelli, Head of International Data Flows and Protection Unit, European Commission adds:

“In the words of Louis Brandeis, one of the founders of modern privacy law, the “right to be left alone [is] the most comprehensive of rights, and the right most valued by free people”.

“Ninety years have passed since Justice Brandeis so eloquently captured what privacy means but these words have never been truer than they are today in our digital world.

“Few months ago, in its landmark judgment of 24 August 2017, the Indian Supreme Court highlighted the fundamental nature and universal value of that right as a core condition of being a free person – or, to quote the New Delhi judges, as “an essential facet of the dignity of the human being”.

“The recent Facebook/Cambridge Analytica revelations made us realise how much there is at stake also from a collective point of view, for the society as a whole, including for the very functioning of the democratic process. These and other developments have reminded all of us of why it is important to protect personal data as a central individual right and a democratic imperative but also as an economic necessity: without consumers’ trust in the way their data is handled, there can be no sustainable growth of our increasingly data-driven economy.

“The General Data Protection Regulation (GDPR), which will enter into application on 25th May, is the European Union’s response to these challenges and opportunities. It seeks to create a virtuous circle between better protection of privacy as a fundamental right, enhanced confidence of consumers in how the privacy and security of their data is guaranteed, in particular online, and economic growth.

“While building on foundations that have been in place for more than 20 years, under the 1995 Directive, the GDPR contains many innovations, some of which will profoundly change the way privacy is protected and enforced in Europe.

“From the harmonisation of data protection rules across the continent – not only in the book but also in their interpretation and application by a network of national authorities equipped with effective powers – to the replacement of a system based on ex-ante control by one relying on the principle of accountability and ex-post enforcement.

“From the clarification of key data protection concepts – through, for instance, the requirement that consent must consist of a clear affirmative action – to the establishment of new rights and safeguards to put individuals in better control of their data, such as the right to portability or the notification of data breaches.

“From scalable obligations depending on the level of risk of processing operations, which should notably create new incentives for technological solutions limiting the impact on privacy, to the introduction of an element of co-regulation through “bottom-up” tools, such as codes of conduct or certification mechanisms, to help companies managing and demonstrating compliance including in the area of international transfers.

“These are just some examples of the novel features of the reformed EU privacy framework presented in this GDPR Handbook.

“Ardi Kolah is an excellent guide with whom to explore the new European data protection landscape. The journey is never boring. At each stop of this full tour of the GDPR, the reader is provided with accessible information, very clear explanations, useful insights and practical advice. I am sure that this handbook will prove of great assistance to many practitioners, in Europe and worldwide. I wish it all the success it deserves.

Order your copy from Amazon here

Leave a reply