EU General Data Protection Regulation (GDPR) – An implementation and compliance guide, fourth edition

Understand your GDPR obligations and prioritize the steps you need to take to comply

The GDPR gives individuals significant rights over how their personal information is collected and processed, and places a range of obligations on organizations to be more accountable for data protection.

The Regulation applies to all data controllers and processors that handle EU residents’ personal information. It supersedes the 1995 EU Data Protection Directive and all EU member states’ national laws that are based on it – including the UK’s DPA (Data Protection Act) 1998.

Failure to comply with the Regulation could result in fines of up to €20 million or 4% of annual global turnover – whichever is greater. This guide is a perfect companion for anyone managing a GDPR compliance project. It provides a detailed commentary on the Regulation, explains the changes you need to make to your data protection and information security regimes, and tells you exactly what you need to do to avoid severe financial penalties.

Clear and comprehensive guidance to simplify your GDPR compliance project

Now in its fourth edition, EU General Data Protection Regulation (GDPR) – An Implementation and Compliance Guide provides clear and comprehensive guidance on the GDPR. It explains the Regulation and sets out the obligations of data processors and controllers in terms you can understand.

Topics covered include:

• The DPO (data protection officer) role, including whether you need one and what they should do
• Risk management and DPIAs (data protection impact assessments), including how, when, and why to conduct one
• Data subjects’ rights, including consent and the withdrawal of consent, DSARs (data subject access requests) and how to handle them, and data controllers and processors’ obligations
• Managing personal data internationally, including updated guidance following the Schrems II ruling
• How to adjust your data protection processes to comply with the GDPR, and the best way of demonstrating that compliance
• A full index of the Regulation to help you find the articles and stipulations relevant to your organization

“Its practical approach to various aspects of the GDPR will be of value to DP practitioners in organisations of all sizes”

- Laura Linkomies, Privacy Laws and Business Report, September 2017

Supplemental material

While most of the EU GDPR’s requirements are broadly unchanged in the UK GDPR, the context is quite different and will have knock-on effects. You may need to update contracts regarding EU–UK data transfers, incorporate standard contractual clauses into existing agreements, and update your policies, processes, and procedural documentation as a result of these changes.

Supplements that set out specific extra or amended information are now available for the bestselling titles EU General Data Protection Regulation (GDPR) – An implementation and compliance guide, fourth edition and EU GDPR – An international guide to compliance, which focus on identifying the key changes and context relating to the UK GDPR. As such, the information contained within the supplements is primarily of interest to organizations in the UK, organizations that process the personal data of UK residents, and organizations that process personal data on behalf of organizations in the UK.  

 Please visit the publisher’s website to access the supplements