Data Protection: Law and Practice 5th ed

What is Data Protection?

Data protection is an area of law that affects all of the public and private sector. It is linked to the developing law of privacy and the increased internationalisation of data management standards, as well as cybersecurity. The growth of outsourcing, technological developments and information uses in society means that the law governing this area is of increasing importance, particularly in the context of new media and platforms. The EU General Data Protection Regulation is the most important legislative change to affect the data protection landscape since the 1998 Data Protection Act and has implemented in the UK via the Data Protection Act 2018.

Data Protection Law and Practice, 5th edition, provides a comprehensive and expert review of the current state of data protection law in the UK, together with the background to the law. It covers the General Data Protection Regulation, its application in the UK under the Data Protection Act 2018, the implementation of Directive 2016/680 (the Law Enforcement Directive) and the new data protection regime which governs the UK intelligence services, as well as the Privacy and Electronic Communications (EC Directive) Regulations and the revised rules on the monitoring of business communications. Both the current application of the GDPR and its application after Brexit are considered in every chapter, as are the rules which apply to the processing of personal data for law enforcement purposes and the new rules for the processing of personal data by the intelligence services.

This new, fully updated edition:

• Covers everything a practitioner advising a company seeking to comply, or a client seeking redress, needs to know about the data protection regime in the UK, under domestic and European law
• Places the development of data protection norms in the international and national context, including the background to the major changes brought by the GDPR and Directive 2016/680
• Explains the important definitions and sets out specifically how the application and interpretation of the law will be impacted by Brexit
• Explores how the law will be interpreted, including the application of the case law developed by the EU Court of Justice and the UK courts.
• Describes the applicable CJEU cases in full
• Details the enhanced obligations which apply to both data controllers and data processors, including the security and data breach requirements, expanded data protection notices and record-keeping obligations, DPO appointments and others.
• Provides detailed analysis of the new and increased rights of data subjects and the impact of meeting those rights on data controllers
• Sets out the enforcement and fines regimes together with the powers of the Information Commissioner in the UK and the role and powers of the European Data Protection Board
• Analyses the interface with the UK access regimes under freedom of information legislation
• Discusses the new and important obligations placed on data processors under the GDPR and DPA 2018
• Fully explains the rules on the transfer of personal data outside the European Union and the UK, including under the Privacy Shield and other transfer mechanisms