GDPR: A Game of Snakes and Ladders
How Small Businesses Can Win at the Compliance Game
Samantha Alford
- 252 pages
- English
- ePUB (mobile friendly)
- Available on iOS & Android
About This Book
For many small businesses, organisations, clubs, artists, faith groups, voluntary organisations/charities and sole traders, applying the General Data Protection Regulation (GDPR) has been like playing a game of "Snakes and Ladders". As soon as you move along the board and climb a ladder, a snake appears, which takes you right back to where you started. Conflicting advice abounds and there is nowhere for these individuals to go for simple answers all in one place. With the threat of fines seeming around every corner, now more than ever is the time for smaller organisations to get to grips with GDPR so that they can demonstrate their compliance.
GDPR: A Game of Snakes and Ladders is an easy-to-read reference tool, which uses simple language in bite-size, easily signposted chapters. Adopting a no-nonsense approach, the Regulation is explained so that organisations can comply with the minimum of fuss and deliver this compliance in the shortest timeframe without the need to resort to expensive consultants or additional staff. The book is supported by a variety of easy-to-follow case studies, example documents and fact sheets. The author signposts warnings and important requirements (snakes) and hints and suggestions (ladders) and also provides a section on staff training and a Game of Snakes and Ladders training slide pack. Additional resources are available on the companion website.
This user-friendly book, written by a Data Protection Officer and business management specialist, will help you understand the Regulation, where it applies in your organisation and how to achieve compliance (and win at the compliance game).
Chapter 1
What is the General Data Protection Regulation (GDPR)?
If you keep someone's name and contact details in any form of database (be these paper files or on the computer) and you use that information for business within the EU then the GDPR applies to you. There are only a few exceptions such as if the processing is for purely personal use or law enforcement.
Although GDPR appears quite complex at first glance, it is based on the very simple concept that individuals have a right to keep their personal data private, and have the right to understand and decide what happens to this information.
Basic concept of GDPR
- In order to collect and use personal data the organisation must have valid grounds under the GDPR (this is known as a 'lawful basis').
- The data must only be processed in a way that is fair. Most especially data must not be processed in a way that is unduly detrimental, unexpected or misleading to the individuals concerned.
- The organisation must be clear, open and honest (transparent) with people from the start about how they plan to use an individual's pe...
Table of contents
- Cover
- Half Title
- Title Page
- Copyright Page
- Dedication
- Table of Contents
- List of tables
- List of figures
- List of case studies
- List of quotes
- Preface
- 1. What is the General Data Protection Regulation (GDPR)?
- 2. GDPR terminology
- 3. The GDPR Articles and Recitals
- 4. Applying GDPR to your organisation
- 5. Data Controllers, Data Processors and the Data Protection Officer
- 6. Analysing what personal data you hold
- 7. Privacy Policies and Notices
- 8. Recording your processing activities
- 9. Sharing information electronically
- 10. Data Breaches
- 11. Keeping data safe
- 12. Retaining and deleting data
- 13. An individual's rights under GDPR
- 14. GDPR training
- GDPR resource links
- Index