GDPR: A Game of Snakes and Ladders
eBook - ePub

GDPR: A Game of Snakes and Ladders

How Small Businesses Can Win at the Compliance Game

Samantha Alford

  1. 252 pages
  2. English
  3. ePUB (mobile friendly)
  4. Available on iOS & Android

About This Book

For many small businesses, organisations, clubs, artists, faith groups, voluntary organisations/charities and sole traders, applying the General Data Protection Regulation (GDPR) has been like playing a game of "Snakes and Ladders". As soon as you move along the board and climb a ladder, a snake appears, which takes you right back to where you started. Conflicting advice abounds and there is nowhere for these individuals to go for simple answers all in one place. With the threat of fines seeming around every corner, now more than ever is the time for smaller organisations to get to grips with GDPR so that they can demonstrate their compliance.

GDPR: A Game of Snakes and Ladders is an easy-to-read reference tool, which uses simple language in bite-size, easily signposted chapters. Adopting a no-nonsense approach, the Regulation is explained so that organisations can comply with the minimum of fuss and deliver this compliance in the shortest timeframe without the need to resort to expensive consultants or additional staff. The book is supported by a variety of easy-to-follow case studies, example documents and fact sheets. The author signposts warnings and important requirements (snakes) and hints and suggestions (ladders) and also provides a section on staff training and a Game of Snakes and Ladders training slide pack. Additional resources are available on the companion website.

This user-friendly book, written by a Data Protection Officer and business management specialist, will help you understand the Regulation, where it applies in your organisation and how to achieve compliance (and win at the compliance game).


Information

Publisher: Routledge
Year: 2020
ISBN: 9781000027211

Chapter 1

What is the General Data Protection Regulation (GDPR)?

If you keep someone’s name and contact details in any form of database (be these paper files or on the computer) and you use that information for business within the EU, then the GDPR applies to you. There are only a few exceptions, such as if the processing is for purely personal use or law enforcement.
The General Data Protection Regulation (GDPR) is the 2018 European Union Regulation on data protection and privacy for individuals. It enshrines the necessity to keep personal information private.
This chapter provides an introduction to the Regulation, outlining the key components and principles of GDPR. It provides the reader with an overview of where the legislation applies, what has changed from previous data protection legislation and what these changes mean for business. It is designed as an overview for those wishing to understand more about how it will affect them and their businesses. The chapter concludes with a section on actions that small and medium size businesses should take in order to ensure that they are compliant with this relatively “new” Regulation.
Although GDPR appears quite complex at first glance, it is based on the very simple concept that individuals have a right to keep their personal data private, and have the right to understand and decide what happens to this information.
The legislation applies throughout Europe and will apply in the UK irrespective of Brexit. This is because the UK Data Protection Act was updated in May 2018 to replicate GDPR. On exit from the EU, the UK-GDPR, which mirrors the EU GDPR legislation, will come into effect.
Getting data protection wrong can have a significant impact both on the individuals about whom data is being processed and the business processing the data. The fines that can be imposed on a business or organisation by the regulatory bodies are significant. Therefore, whatever the size of the organisation, it is essential that you take GDPR seriously. No matter how much personal data you hold, you must ensure that you comply with GDPR.
GDPR consolidated all the previous data privacy laws from across Europe. It is also a vehicle to protect the privacy of the individual (be they an EU citizen, a person living or working in the EU or someone whose data is processed by an entity based in the EU). Figure 1.1 shows these three instances where the GDPR applies.
In the UK, the EU (Withdrawal) Act 2018 gives the government regulation-making powers to transitionally recognise all EEA countries as having “adequate” systems of data protection (from the UK). It is unclear at the time of writing if this will be reciprocated by the EU, so UK companies wishing to do business in Europe after Brexit have been recommended to put safeguards in place so that they can pass an “adequacy” test. In order to pass this “adequacy” test, organisations will have to comply with GDPR and have suitable contracts in place with their Processors.
Figure 1.1 Where GDPR Applies
Any information that relates to an identifiable person is referred to in GDPR as “personal data”. It doesn’t matter whether the individual could be directly or indirectly identified through this data.
This means that personal data can include names, contact details, CCTV, photographs, car registrations, as well as dates of birth, credit card details, etc. (Personal data is covered in more detail in Chapter 6 on p. 117.)
Personal data can be held in paper files, on a phone or in a computer database. But, irrespective of how you hold the data, all information that is held on file is covered by the legislation.

Basic concept of GDPR

The basic concept of GDPR is that processing should be lawful, fair and transparent.
  • In order to collect and use personal data the organisation must have valid grounds under the GDPR (this is known as a “lawful basis”).
  • The data must only be processed in a way that is fair. Most especially, data must not be processed in a way that is unduly detrimental, unexpected or misleading to the individuals concerned.
  • The organisation must be clear, open and honest (transparent) with people from the start about how they plan to use an individual’s pe...

Table of contents

  1. Cover
  2. Half Title
  3. Title Page
  4. Copyright Page
  5. Dedication
  6. Table of Contents
  7. List of tables
  8. List of figures
  9. List of case studies
  10. List of quotes
  11. Preface
  12. 1. What is the General Data Protection Regulation (GDPR)?
  13. 2. GDPR terminology
  14. 3. The GDPR Articles and Recitals
  15. 4. Applying GDPR to your organisation
  16. 5. Data Controllers, Data Processors and the Data Protection Officer
  17. 6. Analysing what personal data you hold
  18. 7. Privacy Policies and Notices
  19. 8. Recording your processing activities
  20. 9. Sharing information electronically
  21. 10. Data Breaches
  22. 11. Keeping data safe
  23. 12. Retaining and deleting data
  24. 13. An individual’s rights under GDPR
  25. 14. GDPR training
  26. GDPR resource links
  27. Index
Citation styles for GDPR: A Game of Snakes and Ladders

APA 6 Citation

Alford, S. (2020). GDPR: A Game of Snakes and Ladders (1st ed.). Taylor and Francis. Retrieved from https://www.perlego.com/book/1520776/gdpr-a-game-of-snakes-and-ladders-how-small-businesses-can-win-at-the-compliance-game-pdf (Original work published 2020)
