Data Protection and Compliance in Context

Book Description

This comprehensive, accessible guide for those with little or no legal knowledge provides detailed analysis of current data protection laws. It enables the reader to construct a platform on which to build internal compliance strategies. The author is chair of the National Association of Data Protection Officers (NADPO).

Table of Contents

  1. Copyright
  2. Figures and tables
  3. About the author
  4. Acknowledgements
  5. Abbreviations
  6. Glossary
  7. Useful Websites
  8. Preface
  9. 1 Introduction to Data Protection
    1. DATA PROTECTION IN THE UK – THE DATA PROTECTION ACT 1998
    2. OVERVIEW AND HISTORY OF DATA PROTECTION LAWS
    3. KEY ASPECTS WITHIN DATA PROTECTION LAWS
    4. KEY WORDS AND PHRASES – DATA, PERSONAL DATA AND PROCESSING
    5. THE DPA – IMPORTANT MISCELLANY
  10. 2 Transparency
    1. INTRODUCTION
    2. CONSENSUAL PROCESSING (INCLUDING THE FIRST DATA PROTECTION PRINCIPLE)
    3. FAIR PROCESSING (THE FIRST DATA PROTECTION PRINCIPLE)
    4. PROCESSING FOR SPECIFIED PURPOSES (THE SECOND DATA PROTECTION PRINCIPLE)
    5. NOTIFICATION
    6. THE RIGHT OF ACCESS TO PERSONAL DATA
    7. INFORMATION NOTICES
    8. PART IV EXEMPTIONS
  11. 3 General Rules on Lawfulness
    1. INTRODUCTION
    2. THE FIRST DATA PROTECTION PRINCIPLE
    3. THE SECOND DATA PROTECTION PRINCIPLE
    4. THE THIRD DATA PROTECTION PRINCIPLE
    5. THE FOURTH DATA PROTECTION PRINCIPLE
    6. THE FIFTH DATA PROTECTION PRINCIPLE
    7. THE SIXTH DATA PROTECTION PRINCIPLE
    8. THE SEVENTH DATA PROTECTION PRINCIPLE
    9. SCHEDULE 2 CONDITIONS (FOR PERSONAL DATA AND SENSITIVE PERSONAL DATA)
    10. SCHEDULE 3 CONDITIONS (FOR SENSITIVE PERSONAL DATA)
    11. THE DATA PROTECTION (PROCESSING OF SENSITIVE PERSONAL DATA) ORDER 2000
    12. THE DATA PROTECTION (PROCESSING OF SENSITIVE PERSONAL DATA) (ELECTED REPRESENTATIVES) ORDER 2002
    13. THE DATA PROTECTION (PROCESSING OF SENSITIVE PERSONAL DATA) ORDER 2006
    14. PART IV EXEMPTIONS
  12. 4 The Right to Object
    1. INTRODUCTION
    2. SUBSTANTIAL AND UNWARRANTED DAMAGE OR DISTRESS
    3. DIRECT MARKETING
    4. AUTOMATED DECISION TAKING
    5. EXEMPT MANUAL DATA
    6. THE RIGHT TO OBJECT AND THE SIXTH DATA PROTECTION PRINCIPLE
  13. 5 Transborder Data Flows
    1. INTRODUCTION
    2. THIRD COUNTRIES AND ADEQUATE PROTECTION
    3. DEROGATIONS AND BINDING CORPORATE RULES
    4. DEROGATIONS AND CONTRACTUAL CLAUSES
    5. TRANSBORDER DATA FLOWS AND THE DPA
  14. 6 Privacy and Electronic Communications
    1. INTRODUCTION
    2. THE DIRECTIVE ON PRIVACY AND ELECTRONIC COMMUNICATIONS
    3. UK IMPLEMENTATION OF DPEC
    4. REGULATION OF INVESTIGATORY POWERS ACT 2000
    5. ANTI-TERRORISM, CRIME AND SECURITY ACT 2001
    6. RECONCILING RIPA AND ATCSA
  15. 7 Enforcing Data Protection Laws
    1. INTRODUCTION
    2. ENFORCEMENT BY THE DATA SUBJECT
    3. ENFORCEMENT BY THE DATA CONTROLLER
    4. ENFORCEMENT BY THE EUROPEAN COMMISSION
    5. ENFORCEMENT BY THE INFORMATION COMMISSIONER
    6. CRIMINAL PROCEEDINGS
  16. 8 Compliance
    1. INTRODUCTION
    2. PRIORITIZATION OF ACTION
    3. STAGE 1 – GATHERING INFORMATION ABOUT DATA
    4. STAGE 2 – LAWFULNESS AND THE CRITERION FOR LEGITIMACY
    5. STAGE 3 – IMPLEMENTING COMPLIANCE MECHANISMS
  17. REFERENCES
  18. Index