The GDPR Handbook

Ardi Kolah

Published by
Kogan Page
ISBN 978-0-7494-7494-2
RRP £49.99
Reviewed by Peter Wheatcroft CEng FIET CITP FBCS FCMI

9 out of 10

Our inboxes have recently been deluged with emails from companies seeking permission for us to continue receiving their marketing material, many of whom have previously sent us very little and some of which we didn’t even know had our email addresses. This is the most visible aspect of the GDPR, or General Data Protection Regulation that came into force throughout the EU on 25 May 2018. The GDPR supersedes and harmonises the existing data protection and privacy laws in all 28 member states - including here, as the UK has decided to adopt this as best practice.

However, the GDPR is not solely concerned with gaining explicit consent for us to continue receiving emails and neither can it be consigned to history. The unfortunate thing about GDPR is that it has become known by its abbreviation rather than what it covers, namely Data Protection, which is just as important as before but where the new regulations mandate tighter controls and stricter obligations on us all. Recent high profile data breaches and unauthorised use of personal information gathered by AI applications and data mining serve as timely reminders of how important our data is and how it needs to be kept secure and only used for purposes that we explicitly agree to.

So the availability of a reference book about GDPR is really interesting. Whilst efforts to gain explicit consent for marketing communications have focused on the 25 May 2018 deadline, it can readily be seen from reading this book that the work cannot stop there and there is still much to do in terms of ensuring the controls we implement are visible, effective and cover all the GDPR chapters and sections. So, if the recently appointed Data Protection Officer (DPO) in an organisation is to be effective, he/she needs to understand how much more there is to be done to fully comply with GDPR - which is where this book can help. It’s a weighty tome stretching to 352 pages but is easy to read and hence can be used as a reference at any point and on any topic. The chapters are laid out in a structured fashion with ‘how to’ pointers where relevant and there is little use of jargon, although a new term - pseudonymisation - creeps in as an example of a PET (Privacy Enhancing Technology), but that’s understandable. Anyone who has come across BS 10012:2009, the specification for personal information management, along with its associated guidelines for the use of personal data in system testing, will realise that use of personal data in system trials and stress testing is not acceptable unless anonymity can be controlled. It’s pleasing to see this aspect has been brought out in the chapters with examples of what to do.

This is a book that is not as out of date as the May 2018 deadline could imply. It’s a new publication that covers the whole GDPR spectrum - and more - and so is worthy of being on your bookshelf. The author has the highest possible credentials in this field, and the only reason this scores 9/10 instead of 10/10 is that it became available on 3 June 2018; had it been published earlier, more people would have been able to benefit from the wisdom it contains before embarking on their, albeit email-focused, 25 May projects.

Further information: Kogan Page

July 2018