Data Protection and Compliance
eBook - ePub

Data Protection and Compliance

Second edition

Stewart Room, Stewart Room

  1. 350 pages
  2. English
  3. ePUB (mobile friendly)
  4. Available on iOS & Android

About This Book

Large-scale data loss and data privacy compliance breaches continue to make headline news, highlighting the need for stringent data protection policies, especially when personal or commercially sensitive information is at stake. While regulations and legislation exist to address these issues, how organisations can best tailor their compliance approaches to their own operational circumstances has remained an open question. The focus of this book is on operationalising a truly risk-based approach to data protection and compliance, beyond just emphasis on regulatory frameworks and legalistic compliance.

Stewart Room
This chapter acts as the foundation stone for all the issues discussed in this book. It introduces the core aims and objectives of data protection; explains how the topic relates to the right to privacy; provides illustrations of some of the critical priorities in this area; and identifies the main sources of law.
The idea of ‘data protection’ can be looked at in several ways. In an operational sense, it means achieving predefined outcomes during the collection, use and storage of personal data, which is called ‘data processing’. In a legal sense, it means the regulatory framework that governs these activities. In a colloquial and limited sense, it is sometimes viewed as a synonym for the security of data, but this would not be representative of the established European view of things.
Taking the General Data Protection Regulation 2016 (GDPR) as a starting point, the title of this legislation clarifies that data protection means ‘the protection of natural persons with regard to the processing of personal data and … the free movement of such data’. Recital 6 of the GDPR summarises the issues perfectly.
GDPR R.6 – Goals of data protection
Rapid technological developments and globalisation have brought new challenges for the protection of personal data. The scale of the collection and sharing of personal data has increased significantly. Technology allows both private companies and public authorities to make use of personal data on an unprecedented scale in order to pursue their activities. Natural persons increasingly make personal information available publicly and globally. Technology has transformed both the economy and social life, and should further facilitate the free flow of personal data within the Union and the transfer to third countries and international organisations, while ensuring a high level of the protection of personal data.
To emphasise a point that is implicit within the title of the GDPR but not always obvious, the topic of data protection is not simply about the concept of privacy. In fact, many aspects of the law cut through the concept of privacy, such as the support that it gives to sharing of personal data in the public interest, that is, without the consent or permission of the person whose data are affected.
However, the modern concept of data protection does have its historical root in privacy law. This is demonstrated by the text in the Council of Europe Resolution (73) 22, explanatory report box, which is from the Council’s 1973 Resolution on private sector¹ data banks. The 1973 Resolution was a landmark event in data protection, as it provided one of the first statements of the data protection principles: the principles are the foundation stone upon which all forms of data protection law are built. It was followed in 1974 by a companion resolution for the public sector.²
Perhaps the best way to look at how privacy relates to the topic of data protection is to see it as being a very significant part of the topic, but the topic is much bigger than privacy. Due to the significance of the topic of privacy within data protection, it is worth looking into it a little further at this stage.
Council of Europe Resolution (73) 22, explanatory report
1. It is generally recognised that the development of modern science and technology, which enable man to attain an advanced standard of living, brings in its wake certain dangers threatening the rights of individuals. This is the case, for instance, with the utilisation of new techniques for surveillance or observation of persons and for compiling and processing data pertaining to them,
2. A survey, conducted in 1968–70 by the Committee of Experts on Human Rights of the Council of Europe, on the legislation of the Member States with regard to human rights and modern scientific and technological developments has shown that the existing law does not provide sufficient protection for the citizen against intrusions on privacy by technical devices …
3. A particular new source of possible intrusion into privacy has been created by the rapid growth and popularisation of computer technology. The purposes which computers are increasingly serving in the public and private sectors are by themselves not basically different from those served by more traditional forms of data storage and processing.
What is privacy?
There are many philosophical threads of ideas within the right to privacy, which cover concepts such as ‘the right to be let alone’,³ through to the concept of personal data protection within the GDPR.
The right to privacy was crystallised within the European Convention on Human Rights (ECHR) in 1950 (see Article 8) and was restated by the EU Charter of Fundamental Rights in 2012 (see Article 7). In the UK the right to privacy has developed into a tort known as the tort of misuse of private information, a civil law right, breach of which is actionable in court and compensatable in damages. Table 1.1 sets out the wording of the right to privacy as it has crystallised within pan-European law.
Table 1.1 The right to privacy
European Convention on Human Rights
Article 8: Right to respect for private and family life
1. Everyone has the right to respect for his private and family life, his home and his correspondence.
2. There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others.
Charter of Fundamental Rights of the European Union
Article 7: Respect for private and family life
Everyone has the right to respect for their private and family life, home and communications.
Are there exceptions to the right to privacy?
The right to privacy is not an absolute right. As shown by Article 8.2 of the ECHR, privacy can be interfered with, if the interference is authorised by law and is necessary and proportionate. This means that when questions about interferences with privacy come to be judged, a balancing act must be performed to understand both the legal justification for the interference and how the right to privacy compares with other competing rights in a relative sense.
Privacy versus freedom of expression
A common situation where the balancing act needs to be performed is during press and media reporting of news stories, when the right to freedom of expression, crystallised by Article 10 of the ECHR, competes with the right to privacy. There have been countless court cases about this, often concerning celebrities,⁴ sportspeople⁵ and royalty,⁶ and they will never end. The phone-hacking scandal, which led to the Leveson Inquiry and the closure of the News of the World newspaper, as well as the prosecution and imprisonment of various people in the newspaper industry, illustrates the damage that can be done when the exercise of the right of freedom of expression fails to have regard to the balancing act.
Privacy versus security and law enforcement
Security and law enforcement agencies override the right to privacy in the interests of national security, public safety, the prevention of disorder and crime and related public interests encapsulated by Article 8.2. Again, the balancing act must be performed and, as with the case of freedom of expression, this has generated countless court cases and scandals. Example...
