GDPR
How To Achieve and Maintain Compliance

Following the implementation of the new General Data Protect Regulation on 25 May 2018, organizations should now be fully compliant with their national interpretation of this far-reaching data protection standard. The reality is that most are not; whether through their inappropriate use of online cookies or ineffective physical data security, businesses continue to struggle with the increasing pressure from regulators to apply the Regulation. Non-compliance is widely due to misinterpretation, lack of real-world thinking, and challenges in balancing costs against business practicalities.

This book provides insight into how to achieve effective compliance in a realistic, no-nonsense and efficient way. The authors have over 100 years? collective international experience in security, compliance and business disciplines and know what it takes to keep companies secure and in-line with regulators? demands. Whether your organization needs to swiftly adopt GDPR standards or apply them in ?Business as Usual? this book provides a wide range of recommendations and explicit examples.

With the likelihood of high-profile penalties causing major reputational damage, this book explains how to reduce risk, run a remedial project, and take immediate steps towards mitigating gaps. Written in plain English, it provides an invaluable international reference for effective GDPR adoption.

About the Authors, Acknowledgements, Introduction, Section 1 – Does the GDPR apply to you? Section 2 – GDPR Principles, Section 3 – Key Roles, Section 4 – Rights of the Data Subject, Section 5 – Your GDPR Project, Section 6 – Information Security Best Practice, Section 7 – Awareness, Section 8 – Data Handling and Management, Section 9 – Data Breaches, Section 10 – Your Technology Environment, Section 11 – Assessing Your Suppliers, Section 12 – Direct Marketing, Section 13 – Privacy Notice(s), Section 14 – The Regulation and Articles, Index

Andrew Denley is a GDPR Compliance Consultant with 35 years’ experience in the research, intelligence, government and commerce sectors in both technical and consultancy capacities. In recent years he has championed and implemented information security risk analysis and framework compliance for a number of commercial companies with considerable success. An ISO27001 Lead Auditor, he has been listed on the International Register for Certified Auditors.

Mark Foulsham is Chief Digital Officer at Scope, CEO of Surrey Innovations, and Director of CIO Connect, UK. He has experience spanning over 30 years in leading both business and technology disciplines within organizations and has supported businesses from the Financial Services, wider commercial sector, universities and social enterprises in achieving their GDPR compliance programmes.

Brian Hitchen is a GDPR Compliance Consultant and author with 30 years’ experience working as an IT Security Manager for a number of financial services organizations. With an interest in cyber crime and the impact on small to medium businesses, Brian now writes to help companies better understand IT security, risks and issues, contingency planning and data analysis and plan what they need to do to counter the latest threats and deal with legislation.