BCS Learning and Development Ltd 2021
The right of Stewart Room to be identified as authors of this work has been asserted by them in accordance with sections 77 and 78 of the Copyright, Designs and Patents Act 1988.
All rights reserved. Apart from any fair dealing for the purposes of research or private study, or criticism or review, as permitted by the Copyright Designs and Patents Act 1988, no part of this publication may be reproduced, stored or transmitted in any form or by any means, except with the prior permission in writing of the publisher, or in the case of reprographic reproduction, in accordance with the terms of the licences issued by the Copyright Licensing Agency. Enquiries for permission to reproduce material outside those terms should be directed to the publisher.
All trade marks, registered names etc. acknowledged in this publication are the property of their respective owners. BCS and the BCS logo are the registered trade marks of the British Computer Society charity number 292786 (BCS).
Published by BCS Learning and Development Ltd, a wholly owned subsidiary of BCS, The Chartered Institute for IT, 3 Newbridge Square, Swindon, SN1 1BY, UK.
www.bcs.org
Paperback ISBN: 978-1-78017-5249
PDF ISBN: 978-1-78017-5256
ePUB ISBN: 978-1-78017-5263
British Cataloguing in Publication Data.
A CIP catalogue record for this book is available at the British Library.
Disclaimer:
The views expressed in this book are of the authors and do not necessarily reflect the views of the Institute or BCS Learning and Development Ltd except where explicitly stated as such. Although every care has been taken by the authors and BCS Learning and Development Ltd in the preparation of the publication, no warranty is given by the authors or BCS Learning and Development Ltd as publisher as to the accuracy or completeness of the information contained within it and neither the authors nor BCS Learning and Development Ltd shall be responsible or liable for any loss or damage whatsoever arising by virtue of such information or any instructions or advice contained within this publication or by any of the aforementioned.
All URLs were correct at the time of publication.
Publisher's acknowledgements
Reviewer: Toby Hayes
Publisher: Ian Borthwick
Commissioning editor: Rebecca You
Production manager: Florence Leroy
Project manager: Sunrise Setting Ltd
Copy-editor: Moira Eagling
Proofreader: Barbara Eastman
Indexer: Matthew Gale
Cover design: Alex Wright
Cover image: iStock Zolga_F
Typeset by Lapiz Digital Services, Chennai, India
The past few years have seen transformative changes in privacy, particularly in the UK, where GDPR and Brexit have created a host of new and potentially divergent data protection laws. In this book, Stewart and his team distil several decades of accumulated privacy, data protection and information governance experience and know-how into a guide that's essential reading for data protection newcomers and experienced practitioners alike.
Toby Hayes FBCS CITP FIP CIPP/E CIPM
An ideal resource and must read for new and seasoned privacy practitioners, Data Protection and Compliance provides a comprehensive overview of UK privacy requirements together with a practical focus on hot topics and emerging issues to watch out for. Uniquely, the book helps the reader understand how the breadth of the legal, policy and practical requirements all fit together with a contextual summary and tables, untangling the deluge of privacy data.
Vivienne Artz OBE, NED, GLEIF, former CPO LSEG/Refinitiv/Thomson Reuters
Stewart Room and his team apply their extensive knowledge of data protection law and practice to provide an invaluable resource on data protection that rightly goes beyond interpreting and understanding the law, and unpacks what this means on the ground for compliance leaders and their advisors. Full of practical insights on governance, risk and compliance in the data protection domain, every DPO should have this on their desk!
Stephen Deadman, VP, DPO, Meta
In a rapidly expanding digitised global economy, this book is a must-read and a go-to resource for legal and privacy professionals and all others interested in this field. Seeing data processing as a power for good, it contains a wealth of legal knowledge and practical insights into the key issues within the world of data protection. Highly recommended.
Olivia Shirville CIPP/E CIPM, Lead Privacy Counsel (EMEA), Aon
One of the biggest challenges to data protection law is how to effectively operationalise compliance and manage risk effectively within an evolving business structure. This book shows appreciation for this challenge and provides clear methods and concepts to address it. Operational landscape of data protection is summed up concisely and the concept of Technology Reference Architecture linked to Privacy by Design, is incredibly insightful and relevant for businesses. I recommend this book for all data privacy practitioners, including in-house lawyers.
Nargis Hassani, Solicitor
Data Protection and Compliance tackles a rapidly evolving and complex regulatory landscape, in an easy to understand and practical manner. With data driving the digital evolution for most organisations, the ability to comprehend and apply an appropriate compliance framework, with respect to people, processes and systems, is increasingly challenging. For those organisations putting data at the heart of their business strategy, this is a comprehensive resource, which pulls together a wealth of subject matter expertise, tried and tested practical compliance approaches and useful insights into the rationale behind the legislation. Highly recommended.
Janine McKelvey, BT General Counsel Digital & Innovation, BT Group Data Protection and Ethics Officer
There are many misconceptions about what is and isn't data protection, alongside the misinformation and scaremongering that arose in the early days of the GDPR. This book distils the considerable knowledge of its author and fellow contributors to deliver the key facts with clarity, supported with reference to landmark cases and regulatory texts. The chapter on Operational Data Protection is a timely reminder that data protection is people, paper (processes) and technology, and that all three are required to be effective.
David Francis CIPP/E CIPT CIPM, Group Data Protection Officer, Canopius
Stewart Room and his co-authors have certainly discovered the special sauce when seeking to create a book that will appeal to so many. Data Protection and Compliance, 2nd edition, is truly inimitable amongst a minefield of technical, legal, and business publications on data protection and privacy. Taking the reader on a journey through history to providing practical operational advice is not only educationally important but also invaluable to practitioners across the multidisciplinary spectrum, regardless of their sector or experience.