1st Edition

GDPR: A Game of Snakes and Ladders: How Small Businesses Can Win at the Compliance Game

By Samantha Alford Copyright 2020
    276 Pages 63 B/W Illustrations
    by Routledge


    For many small businesses, organisations, clubs, artists, faith groups, voluntary organisations/charities and sole traders, applying the General Data Protection Regulation (GDPR) has been like playing a game of "Snakes and Ladders". As soon as you move along the board and climb a ladder, a snake appears, which takes you right back to where you started. Conflicting advice abounds and there is nowhere for these individuals to go for simple answers all in one place. With the threat of fines seeming around every corner, now more than ever is the time for smaller organisations to get to grips with GDPR so that they can demonstrate their compliance.

    GDPR: A Game of Snakes and Ladders is an easy-to-read reference tool, which uses simple language in bite-size, easily signposted chapters. Adopting a no-nonsense approach, it explains the Regulation so that organisations can comply with the minimum of fuss and deliver that compliance in the shortest timeframe, without resorting to expensive consultants or additional staff. The book is supported by a variety of easy-to-follow case studies, example documents and fact sheets. The author signposts warnings and important requirements (snakes) and hints and suggestions (ladders), provides a section on staff training, and includes a Game of Snakes and Ladders training slide pack. Additional resources are available on the companion website.

    This user-friendly book, written by a Data Protection Officer and business management specialist, will help you understand the Regulation, where it applies in your organisation and how to achieve compliance (and win at the compliance game).

    Contents

    List of Tables and Figures
    List of Quotes and Case Studies
    Preface/Introduction

    CHAPTER 1 WHAT IS THE GENERAL DATA PROTECTION REGULATION (GDPR)?
    Basic Concept of GDPR; Key Principles of GDPR; The Link to Previous Legislation; The European Data Protection Board and National Supervisory Authorities; Who has to Comply with GDPR?; What has GDPR Changed?; The Penalties for Data Breaches; GDPR Compliance as an Ongoing Journey; What Must You Do?

    CHAPTER 2 GDPR TERMINOLOGY
    GDPR Terms – People or Entities; GDPR Terms – Types of Personal Data; Key Terms – Actions; GDPR Terms – Consent; GDPR Terms – The Principles of GDPR; GDPR Terms – Lawful Basis; GDPR Terms – Subject Rights

    CHAPTER 3 THE GDPR ARTICLES AND RECITALS
    The Recitals of GDPR; The GDPR Articles Explained "in a Nutshell"

    CHAPTER 4 APPLYING GDPR TO YOUR ORGANISATION
    How Does GDPR Apply to my Business?; Communication; Privacy Notices; Checking how well you are doing with your preparations

    CHAPTER 5 DATA CONTROLLERS, DATA PROCESSORS AND THE DATA PROTECTION OFFICER
    Definition of Processing; Data Controllers; Data Processors; Security of Processing; Data Protection Officer (DPO)

    CHAPTER 6 ANALYSING WHAT PERSONAL DATA YOU HOLD
    What is Personal Data?; Special Categories of Information; What is Processing?; What does GDPR Mean by Identified?; Personal Data in the Case Study Organisation; Deciding What Information Can Be Used to Identify a Person; Fill in the Personal Data Grid for your organisation

    CHAPTER 7 PRIVACY POLICIES AND NOTICES
    Why do I need a Privacy Policy?; What Information Should a Privacy Document Contain?; How Should Privacy Information be Presented?; Deciding What Your Privacy Document Includes; Benefits of a Privacy Policy; The Layered Approach; Creating a Privacy Notice/Statement; GDPR Consent

    CHAPTER 8 RECORDING YOUR PROCESSING ACTIVITIES
    Why do I need to Map the Data?; Is a Data Flow Analysis or Data Audit Compulsory?; How Long Will It Take?; Understanding how Data Flows in an Organisation; Data Audit; Data Security; Data Protection Impact Assessment (DPIA); Data Subject's Rights

    CHAPTER 9 SHARING INFORMATION ELECTRONICALLY
    Email; Direct Marketing; Physical Security; WhatsApp and Messenger; Email Security and The Data Governance Policy

    CHAPTER 10 DATA BREACHES
    What is a Data Breach?; Reporting a Data Breach; Planning How to Deal with a Breach; Staff Training

    CHAPTER 11 KEEPING DATA SAFE
    The Risks to Your Data; The GDPR Data Security Requirement; What does Data Security Mean?; Identify Data Security Risks; Put in Place Data Security Measures; Physical Security Measures; Cyber Security Measures; Testing Your Security Measures; ISO 27001/2:2013; Data Security Terms; Keeping yourself "Cyber safe"

    CHAPTER 12 RETAINING AND DELETING DATA
    Retaining Data; Anonymisation; Pseudonymisation; Deletion; The Right of Erasure; Retaining Data from Dashcams/Helmet cams/CCTV

    CHAPTER 13 AN INDIVIDUAL'S RIGHTS UNDER GDPR
    Providing Information to Individuals; Data Subject's Rights; Individual's Data Access Options; Subject Access Request; Freedom of Information; Accessing Educational and Medical Records; Individuals' Rights – Exemptions

    CHAPTER 14 GDPR TRAINING
    The Requirement; What Should the Training Include?; Guidance on Handling, Retaining, Sharing and Deleting Data; Details of How the Organisation Uses Marketing, Including Direct Marketing Under GDPR; Data Minimisation; Individuals' Rights

    Resource Links
    Index

    Biography

    Samantha Alford is an established technical author, instructor and business management specialist and Data Protection Officer. She has over 35 years of experience in compliance, governance and oversight in the public, private and charity sectors. She is a Director and Owner of PPP Management Ltd.