Data Protection and Compliance

Second edition

By (author) Stewart Room Contributions by Michelle Maher, Niall O'Brien, Adam Panagiotopoulos, Shervin Nahid, Richard Hall, Tughan Thuraisingam, James Drury-Smith, Simon Davis, Mark Hendry, Jamie Taylor, Ben Johnson

Publication date:

25 November 2021

Length of book:

416 pages

Publisher

BCS, The Chartered Institute for IT

Dimensions:

244x170mm
7x10"

ISBN-13: 9781780175249

Large-scale data loss and data privacy compliance breaches continue to make headline news, highlighting the need for stringent data protection policies, especially when personal or commercially sensitive information is at stake. While regulations and legislation exist to address these issues, how organisations can best tailor their compliance approaches to their own operational circumstances has remained an open question. The focus of this book is on operationalising a truly risk-based approach to data protection and compliance, beyond just emphasis on regulatory frameworks and legalistic compliance.

Part I - The Big Picture

1. Introduction to data protection

2. Introduction to the GDPR

3. Introduction to ePrivacy

4. Introduction to operational data protection

Part II - Core Law

5. The principles of data protection

6. The rights of data subjects

Part III - Operating Internationally

7. National supervision within an international framework

8. Transferring data between the GDPR landmass and third countries

9. Data protection beyond the GDPR landmass

Part IV - Delivery

10. Mechanisms to support operational compliance

11. Programmatic approaches for delivering data protection by design and default

12. Being accountable for records of processing, legitimate interests and risk management

13. 'The journey to code'

Part V - Adverse Scrutiny

14. How to prepare for the risks of challenge and 'adverse scrutiny'

15. Complaints, rights requests, regulatory investigations and litigation

16. Regulatory action

17. Handling personal data breaches

The past few years has seen transformative changes in privacy, particularly in the UK, where GDPR and Brexit have created a host of new and potentially divergent data protection laws. In this book, Stewart and his team distill several decades of accumulated privacy, data protection and information governance experience and know-how into a guide that’s essential reading for data protection newcomers and experienced practitioners alike.