LRD Booklets March 2018

The General Data Protection Regulation - a practical guide for trade unionists

buy now

Introduction

Introduction
 [pages 3-5] (1,130 words)

On 25 May 2018, data protection laws in the UK will be strengthened by the implementation of the EU General Data Protection Regulation (No.2016/679) ...
Open access

Chapter 1

1. The legal framework
 [ch 1: page 6] (144 words)

The purpose of the GDPR is to protect the privacy of individuals whose personal information is used by someone else other than for purely personal ...
Subscribers only

Who does the GDPR apply to?
 [ch 1: page 6] (248 words)

What is personal data?
 [ch 1: pages 6-7] (113 words)

What is processing?
 [ch 1: page 7] (412 words)

Territorial scope
 [ch 1: page 8] (206 words)

Accountability [ch 1: page 8] (162 words)

Data protection by design and default
 [ch 1: page 9] (353 words)

Keeping records
 [ch 1: page 9] (97 words)

Data controllers
 [ch 1: page 10] (125 words)

Data processors
 [ch 1: page 10] (100 words)

Security
 [ch 1: pages 10-11] (211 words)

Data protection impact assessment
 [ch 1: page 11] (190 words)

Data protection officer
 [ch 1: pages 11-12] (203 words)

Derogations and special conditions
 [ch 1: pages 12-13] (535 words)

Chapter 2

2. The data protection principles
 [ch 2: page 14] (302 words)

When personal data is processed (see the definition in the previous chapter) it must be done in accordance with the data protection principles which ...
Subscribers only

Lawful processing [ch 2: pages 14-15] (326 words)

Choosing the lawful basis [ch 2: pages 15-16] (536 words)

Consent [ch 2: pages 16-17] (370 words)

Change of purpose [ch 2: pages 17-18] (468 words)

Special categories of data [ch 2: pages 18-20] (520 words)

A lawful basis for processing personal data: an ICO checklist:
 [ch 2: page 20] (235 words)

Security [ch 2: pages 20-21] (211 words)

Exceptions [ch 2: page 21] (115 words)

Chapter 3

3. The duty to provide information
 [ch 3: page 22] (164 words)

To aid fairness and transparency in the processing of personal data so that the individual’s rights are protected, the GDPR requires data ...
Subscribers only

Information for the processing of data
 [ch 3: page 22] (61 words)

Personal data collected from the individual
 [ch 3: pages 22-23] (374 words)

Change of purpose
 [ch 3: page 23] (54 words)

Personal data not collected from the individual
 [ch 3: pages 23-24] (323 words)

Timescale for providing information
 [ch 3: page 24] (93 words)

Change of purpose
 [ch 3: page 25] (64 words)

Data subject access
 [ch 3: page 25] (90 words)

Privacy notices and code of practice
 [ch 3: pages 25-26] (563 words)

Chapter 4

4. The rights of individuals
 [ch 4: page 27] (124 words)

The GDPR has strengthened the rights of the individual whose personal data is processed (the data subject). Those rights are contained in Articles 12 ...
Subscribers only

Right of access
 [ch 4: page 27] (242 words)

Timescale and form of response
 [ch 4: pages 27-28] (205 words)

Failure to provide information
 [ch 4: page 28] (118 words)

Establishing identity
 [ch 4: pages 28-29] (137 words)

Right of rectification
 [ch 4: page 29] (49 words)

Right to be forgotten
 [ch 4: page 29] (262 words)

Right to restrict processing
 [ch 4: page 30] (261 words)

Right to data portability
 [ch 4: page 30] (136 words)

Right to object
 [ch 4: page 31] (151 words)

Automated decision-making
 [ch 4: pages 31-32] (279 words)

Personal data breaches
 [ch 4: page 32] (80 words)

Chapter 5

5. Data protection in practice
 [ch 5: page 33] (282 words)

Previous chapters explain the principles of data protection and the legal requirements. Most of the responsibility for putting in place procedures to ...
Subscribers only

Processing personal data
 [ch 5: pages 33-34] (241 words)

Fairness
 [ch 5: page 34] (166 words)

Security
 [ch 5: page 34] (145 words)

Organising and recruitment
 [ch 5: pages 34-36] (591 words)

Emails
 [ch 5: page 36] (75 words)

Casework
 [ch 5: page 36] (169 words)

Data protection in the workplace: FAQs
 [ch 5: pages 37-38] (563 words)

What to do in case of a breach
 [ch 5: page 38] (90 words)

Requests from data subjects
 [ch 5: page 38] (77 words)

Chapter 6

6. Breaches, enforcement and remedies
 [ch 6: page 39] (43 words)

A personal data breach occurs where there is a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised ...
Subscribers only

Notification of breach
 [ch 6: pages 39-40] (364 words)

Enforcement
 [ch 6: pages 40-41] (419 words)

Fines
 [ch 6: page 41] (279 words)

Dealing with a personal data breach
 [ch 6: pages 41-42] (225 words)

Chapter 7

7. Glossary of terms
 [ch 7: pages 43-45] (808 words)

Data subject The individual whose data is held Biometric data personal data resulting from specific technical processing relating to the physical, ...
Subscribers only

Further information

8. Further information
 [page 46] (149 words)

The Information Commissioner’s Office is responsible for enforcing the GDPR. Its Head Office is in Wilmslow; its Wales Office is in Cardiff; its ...
Subscribers only