For many small businesses, organisations, clubs, artists, faith groups, voluntary organisations/charities and sole traders, applying the General Data Protection Regulation (GDPR) has been like playing a game of "Snakes and Ladders". As soon as you move along the board and climb a ladder, a snake appears, which takes you right back to where you started. Conflicting advice abounds and there is nowhere for these individuals to go for simple answers all in one place. With the threat of fines seeming around every corner, now more than ever is the time for smaller organisations to get to grips with GDPR so that they can demonstrate their compliance.

GDPR: A Game of Snakes and Ladders is an easy to read reference tool, which uses simple language in bite size easily signposted chapters. Adopting a no-nonsense approach, the Regulation is explained so that organisations can comply with the minimum of fuss and deliver this compliance in the shortest timeframe without the need to resort to expensive consultants or additional staff. The book is supported by a variety of easy to follow case studies, example documents and fact sheets. The author signposts warnings and important requirements (snakes) and hints and suggestions (ladders) and also provides a section on staff training and a Game of Snakes and Ladders training slide pack. Additional resources are available on the companion website.

This user-friendly book, written by a Data Protection Officer and business management specialist will help you understand the Regulation, where it applies in your organisation and how to achieve compliance (and win at the compliance game).

List of Tables and Figures, List of Quotes and Case Studies, Preface/Introduction, Chapter 1 WHAT IS THE GENERAL DATA PROTECTION REGULATION (GDPR)? Basic Concept of GDPR, Key Principles or GDPR, The Link to Previous Legislation, The European Data Protection Board and National Supervisory Authorities, Who has to Comply with GDPR? What has GDPR Changed, The Penalties for Data Breaches, GDPR Compliance as an Ongoing Journey, What Must You Do? CHAPTER 2 GDPR TERMINOLOGY, GDPR Terms – People or Entities, GDPR Terms - Types of Personal Data, Key Terms – Actions, GDPR Terms – Consent, GDPR Terms – The Principles of GDPR, GDPR Terms - Lawful Basis, GDPR Terms - Subject Rights, CHAPTER 3 THE GDPR ARTICLES AND RECITALS, The Recitals of GDPR, The GDPR Articles Explained "in a Nutshell", CHAPTER 4 APPLYING GDPR TO YOUR ORGANISATION, How Does GDPR Apply to my Business? Communication, Privacy Notices, Checking how well you are doing with your preparations, CHAPTER 5 DATA CONTROLLERS, DATA PROCESSORS AND THE DATA PROTECTION OFFICER, Definition of Processing, Data Controllers, Data Processors, Security of Processing, Data Protection Officer (DPO), CHAPTER 6 ANALYSING WHAT PERSONAL DATA YOU HOLD, What is Personal Data? Special Categories of Information, What is Processing? What does GDPR Mean by Identified, Personal Data in the Case Study Organisation, Deciding What Information Can Be Used to Identify A Person, Fill in the Personal Data Grid for your organisation, CHAPTER 7 PRIVACY POLICIES AND NOTICES, Why do I need a Privacy Policy? What Information Should a Privacy Document Contain? How Should Privacy Information be Presented, Deciding What Your Privacy Document Includes, Benefits of A Privacy Policy, The Layered Approach, Creating a Privacy Notice/Statement, GDPR Consent, CHAPTER 8 RECORDING YOUR PROCESSING ACTIVITIES, Why do I need to Map the Data? Is a Data Flow Analysis or Data Audit Compulsory? How Long Will It Take? Understanding how Data Flows in an Organisation, Data Audit, Data Security, Data Protection Impact Assessment (DPIA), Data Subject’s Rights, CHAPTER 9 SHARING INFORMATION ELECTRONICALLY, Email, Direct Marketing, Physical Security, 9.9 WhatsApp and Messenger, Email Security and The Data Governance Policy, CHAPTER 10 DATA BREACHES, What is a Data Breach? Reporting a Data Breach, Planning How to Deal with a Breach, Staff Training, CHAPTER 11 KEEPING DATA SAFE, The Risks to Your Data, The GDPR Data Security Requirement, What does Data Security Mean? Identify Data Security Risks, Put in Place Data Security Measures, Physical Security Measures, Cyber Security Measures, Testing Your Security Measures, ISO27001/2:2013, Data Security Terms, Keeping yourself "Cyber safe", CHAPTER 12 RETAINING AND DELETING DATA, Retaining Data, Anonymisation, Pseudonymisation, Deletion, The Right of Erasure, Retaining Data from Dashcams/Helmet cams/CCTV, CHAPTER 13 AN INDIVIDUAL’S RIGHTS UNDER GDPR, Providing Information to Individuals, Data Subject’s Rights, Individual’s Data Access Options, Subject Access Request, Freedom of Information, Accessing Educational and Medical Records, Individuals Rights - Exemptions, CHAPTER 14 GDPR TRAINING, The Requirement, What Should the Training Include? Guidance on Handling, Retaining, Sharing and Deleting Data, Details of How the Organisation Uses Marketing Including Direct Under GDPR, Data Minimisation, Individuals Rights, Resource Links, Index