Data Protection and the New UK GDPR Landscape
Featured are important recent developments including the Morrisons data breach case and the ECJ judgment on data transfers under the US/UK Privacy Shield.
Data Protection: The New UK GDPR Landscape takes the reader through the key principles of data protection law and explores the scope of UK legislation and how to assure compliance with the law. Also featured are important recent developments including the Morrisons data breach case and the ECJ judgment on data transfers under the US/UK Privacy Shield.
Chapters will cover:
a brief history of UK data protection law
understanding terminology and how it is used
the key data protection principles
what it means to be a data controller or data processor
transparency – how to draft privacy policies
what is special about ‘special category data’?
children’s data – duties reflecting the position of children
international data transfers – the new UK approach
information governance – what the law expects
managing subject access rights
artificial intelligence and data protection – the tension between innovation and privacy
the likely future pathway for data protection in the UK
Each topic is illustrated with case studies and references to relevant case law.
This Special Report will be of interest to in-house counsel and individuals responsible for personal data management and governance, including data protection officers and anyone with responsibility for data systems and infrastructure at a senior level.
Table of Contents
|Table of Contents||3|
|I. A brief history of data protection in the UK||9|
|II. Personal data, control and processing defined||17|
|III. The key data protection principles||23|
|IV. Demonstrating that processing is lawful||35|
|V. What it means to be a data controller or processor||41|
|VI. Transparency – how to draft privacy notices||49|
|VII. What’s special about ‘special category’ data?||55|
|VIII. Children’s data – taking extra care||65|
|IX. Managing photographs and video personal data||75|
|X. Information governance – what the law expects||81|
|XI. Managing subject access rights||99|
|XII. The role of the Information Commissioner’s Office and data protection enforcement||111|
|XIII. Artificial intelligence and data protection||123|
|XIV. Data protection post-Brexit – the hot topics||133|
|About the author||143|
|About Globe Law and Business||144|
Director, commercial law, Freeths LLP
Frank Suttie is a commercial law practitioner with UK law firm Freeths. A graduate in both accountancy and law, Frank advises both public and private sector clients on data protection and privacy matters. He is particularly recognised for his work in the education sector having played a leading role in the development of data protection compliance programmes across a number of colleges, schools and academy trusts and more recently becoming an adviser to a number of education technology businesses.