BOOK REVIEW: ​Data minefield

For those who think the ‘right to erasure’ is about an entitlement to reminisce with some 1980s synth-pop (which indeed should perhaps be enshrined in law), you need to read this book.

The impact of the General Data  Protection Regulation (GDPR) is likely to affect just about every business. It is important that solicitors understand it, not just for their own practices but for commercial clients too. We have all seen the headline-grabbing fines available to the ICO for those in breach, but the motivation for understanding these regulations should be that the aims of the GDPR are sensible.

Think how different our lives are now just in terms of technology compared to when the Data Protection Act 1998 came into force. The proper handling of other people’s personal data should be a priority; after all, it is what we would want for our own personal data. This is not something just for the IT department to consider. The GDPR is technology-neutral, so the way you handle physical files needs an overhaul as well. Regular training of staff with regard to data protection will be essential.

This guide to the new law was always going to be a dry read. A practical toolkit it is not; a thorough summary of the regulations it is. I recommend it not only to those who practise in the area of data protection but also to those responsible for implementing GDPR in their firm. I have read a variety of publications which summarise the new law but I like this guide because it is comprehensive, authored by an expert and has the regulations annexed to it.

It has been said widely that there needs to be ‘buy-in’ at a senior level in businesses that need to implement the GDPR. Anyone serious about that would do well to set aside some time for this publication.

Philip Giles is a partner at Giles Wilson in Essex