Following the implementation of the new General Data Protect Regulation on 25 May 2018, organizations should now be fully compliant with their national interpretation of this far-reaching data protection standard. The reality is that most are not; whether through their inappropriate use of online cookies or ineffective physical data security, businesses continue to struggle with the increasing pressure from regulators to apply the Regulation. Non-compliance is widely due to misinterpretation, lack of real-world thinking, and challenges in balancing costs against business practicalities.
This book provides insight into how to achieve effective compliance in a realistic, no-nonsense and efficient way. The authors have over 100 years’ collective international experience in security, compliance and business disciplines and know what it takes to keep companies secure and in-line with regulators’ demands. Whether your organization needs to swiftly adopt GDPR standards or apply them in “Business as Usual” this book provides a wide range of recommendations and explicit examples.
With the likelihood of high-profile penalties causing major reputational damage, this book explains how to reduce risk, run a remedial project, and take immediate steps towards mitigating gaps. Written in plain English, it provides an invaluable international reference for effective GDPR adoption.
Table of Contents
About the Authors, Acknowledgements, Introduction, Section 1 – Does the GDPR apply to you? Section 2 – GDPR Principles, Section 3 – Key Roles, Section 4 – Rights of the Data Subject, Section 5 – Your GDPR Project, Section 6 – Information Security Best Practice, Section 7 – Awareness, Section 8 – Data Handling and Management, Section 9 – Data Breaches, Section 10 – Your Technology Environment, Section 11 – Assessing Your Suppliers, Section 12 – Direct Marketing, Section 13 – Privacy Notice(s), Section 14 – The Regulation and Articles, Index
Andrew Denley is a GDPR Compliance Consultant with 35 years’ experience in the research, intelligence, government and commerce sectors in both technical and consultancy capacities. In recent years he has championed and implemented information security risk analysis and framework compliance for a number of commercial companies with considerable success. An ISO27001 Lead Auditor, he has been listed on the International Register for Certified Auditors.
Mark Foulsham is Chief Digital Officer at Scope, CEO of Surrey Innovations, and Director of CIO Connect, UK. He has experience spanning over 30 years in leading both business and technology disciplines within organizations and has supported businesses from the Financial Services, wider commercial sector, universities and social enterprises in achieving their GDPR compliance programmes.
Brian Hitchen is a GDPR Compliance Consultant and author with 30 years’ experience working as an IT Security Manager for a number of financial services organizations. With an interest in cyber crime and the impact on small to medium businesses, Brian now writes to help companies better understand IT security, risks and issues, contingency planning and data analysis and plan what they need to do to counter the latest threats and deal with legislation.
"The GDPR was introduced in May 2018 and has had an impact on all organisations that store or process the personal data of any EU Citizen. Understanding the ethical implications of the legislation and knowing what you need to do and also what you don't will be important to your company." - Dr Blay Whitby is a philosopher and technology ethicist specialising in computer science, artificial intelligence and robotics. He is based at the University of Sussex, England. He is also an ethics expert for the EU and a member of the UK All Party Parliamentary Advisory Group on AI.
"The GDPR was introduced in May 2018 and will impact any organisation that processes the personal data of any EU Citizen. Understanding what you need to do and also what you don't will be important to your company." - Matthew Bellringeris a former Head of Platform Development, in the IT Services department of the University of Sussex, and Founder of Meaningbit.com.
"Written to help those who manage data, GDPR: How to Achieve and Maintain Compliance provides clear and concise information in an easy-to-read format. Why should a non-European business care about EU privacy data? The answers are found throughout this book, which includes numerous references to articles and recitals in each chapter." - Mark A. Terry, CPP, PCI, PSP, CISSP