GDPR: A Game of Snakes and Ladders
eBook - ePub

How Small Businesses Can Win at the Compliance Game

  1. 252 pages
  2. English
  3. ePUB (mobile friendly)
  4. Available on iOS & Android
About this book

For many small businesses, organisations, clubs, artists, faith groups, voluntary organisations/charities and sole traders, applying the General Data Protection Regulation (GDPR) has been like playing a game of "Snakes and Ladders". As soon as you move along the board and climb a ladder, a snake appears, which takes you right back to where you started. Conflicting advice abounds and there is nowhere for these individuals to go for simple answers all in one place. With the threat of fines seeming around every corner, now more than ever is the time for smaller organisations to get to grips with GDPR so that they can demonstrate their compliance.

GDPR: A Game of Snakes and Ladders is an easy-to-read reference tool that uses simple language in bite-size, easily signposted chapters. Adopting a no-nonsense approach, the book explains the Regulation so that organisations can comply with the minimum of fuss and deliver this compliance in the shortest timeframe, without the need to resort to expensive consultants or additional staff. The book is supported by a variety of easy-to-follow case studies, example documents and fact sheets. The author signposts warnings and important requirements (snakes) and hints and suggestions (ladders), and also provides a section on staff training and a Game of Snakes and Ladders training slide pack. Additional resources are available on the companion website.

This user-friendly book, written by a Data Protection Officer and business management specialist, will help you understand the Regulation, where it applies in your organisation and how to achieve compliance (and win at the compliance game).

Information

Publisher: Routledge
Year: 2020
Print ISBN: 9780367435455
eBook ISBN: 9781000027211
Topic: Law
Index: Law

Chapter 1

What is the General Data Protection Regulation (GDPR)?

If you keep someone’s name and contact details in any form of database (be these paper files or on the computer) and you use that information for business within the EU then the GDPR applies to you. There are only a few exceptions such as if the processing is for purely personal use or law enforcement.
The General Data Protection Regulation (GDPR) is the 2018 European Union Regulation on data protection and privacy for individuals. It enshrines the necessity to keep personal information private.
This chapter provides an introduction to the Regulation, outlining the key components and principles of GDPR. It provides the reader with an overview of where the legislation applies, what has changed from previous data protection legislation and what these changes mean for business. It is designed as an overview for those wishing to understand more about how it will affect them and their businesses. The chapter concludes with a section on actions that small and medium-sized businesses should take in order to ensure that they are compliant with this relatively “new” Regulation.
Although GDPR appears quite complex at first glance, it is based on the very simple concept that individuals have a right to keep their personal data private, and have the right to understand and decide what happens to this information.
The legislation applies throughout Europe and will apply in the UK irrespective of Brexit. This is because the UK Data Protection Act was updated in May 2018 to replicate GDPR. On exit from the EU, the UK-GDPR, which mirrors the EU GDPR legislation, will come into effect.
Getting data protection wrong can have a significant impact both on the individuals about whom data is being processed and the business processing the data. The fines that can be imposed on a business or organisation by the regulatory bodies are significant. Therefore, whatever the size of the organisation, it is essential that you take GDPR seriously. No matter how much personal data you hold, you must ensure that you comply with GDPR.
GDPR consolidated all the previous data privacy laws from across Europe. It is also a vehicle to protect the privacy of the individual (be they an EU citizen, a person living or working in the EU or someone whose data is processed by an entity based in the EU). Figure 1.1 shows these three instances where the GDPR applies.
In the UK, the EU (Withdrawal) Act 2018 gives the government regulation-making powers to transitionally recognise all EEA countries as having “adequate” systems of data protection (from the UK). It is unclear at the time of writing if this will be reciprocated by the EU, so UK companies wishing to do business in Europe after Brexit have been recommended to put safeguards in place so that they can pass an “adequacy” test. In order to pass this “adequacy” test, organisations will have to comply with GDPR and have suitable contracts in place with their Processors.
Figure 1.1 Where GDPR Applies
Any information that relates to an identifiable person is referred to in GDPR as “personal data”. It doesn’t matter whether the individual could be directly or indirectly identified through this data.
This means that personal data can include names, contact details, CCTV, photographs, car registrations, as well as dates of birth, credit card details, etc. (Personal data is covered in more detail in Chapter 6 on p. 117.)
Personal data can be held in paper files, on a phone or in a computer database. But, irrespective of how you hold the data, all information that is held on file is covered by the legislation.

Basic concept of GDPR

The basic concept of GDPR is that processing should be lawful, fair and transparent.
  • In order to collect and use personal data the organisation must have valid grounds under the GDPR (this is known as a “lawful basis”).
  • The data must only be processed in a way that is fair. Most especially, data must not be processed in a way that is unduly detrimental, unexpected or misleading to the individuals concerned.
  • The organisation must be clear, open and honest (transparent) with people from the start about how they plan to use an individual’s pe...

Table of contents

  1. Cover
  2. Half Title
  3. Title Page
  4. Copyright Page
  5. Dedication
  6. Table of Contents
  7. List of tables
  8. List of figures
  9. List of case studies
  10. List of quotes
  11. Preface
  12. 1. What is the General Data Protection Regulation (GDPR)?
  13. 2. GDPR terminology
  14. 3. The GDPR Articles and Recitals
  15. 4. Applying GDPR to your organisation
  16. 5. Data Controllers, Data Processors and the Data Protection Officer
  17. 6. Analysing what personal data you hold
  18. 7. Privacy Policies and Notices
  19. 8. Recording your processing activities
  20. 9. Sharing information electronically
  21. 10. Data Breaches
  22. 11. Keeping data safe
  23. 12. Retaining and deleting data
  24. 13. An individual’s rights under GDPR
  25. 14. GDPR training
  26. GDPR resource links
  27. Index

Frequently asked questions

Yes, you can access GDPR: A Game of Snakes and Ladders by Samantha Alford in PDF and/or ePUB format, as well as other popular books in Law & Business General. We have over 1.5 million books available in our catalogue for you to explore.