Abstract
The General Data Protection Regulation (GDPR) was introduced in May 2018 as a legally binding requirement for all EU member states. In his chapter on how businesses are living with the demanding requirements GDPR sets out, Mark Foulsham draws on the work he undertakes with a wide range of organisations. He highlights the realities of adopting a new and complex privacy model and how high-profile failures may have a dramatic impact on business success. His chapter provides a consolidated overview of how GDPR came into existence, its aims and lessons learned so far. Mark brings his pragmatic style firmly to bear as he navigates his way through the essence of the Regulation that is now the gold standard for data privacy compliance.
Copyright information
© 2019 The Author(s)
About this chapter
Cite this chapter
Foulsham, M. (2019). Living with the New General Data Protection Regulation (GDPR). In: Krambia-Kapardis, M. (eds) Financial Compliance. Palgrave Macmillan, Cham. https://doi.org/10.1007/978-3-030-14511-8_5
DOI: https://doi.org/10.1007/978-3-030-14511-8_5
Publisher Name: Palgrave Macmillan, Cham
Print ISBN: 978-3-030-14510-1
Online ISBN: 978-3-030-14511-8
eBook Packages: Economics and Finance (R0)