Our website is set to allow the use of cookies. For more information and to change settings click here. If you are happy with cookies please click "Continue" or simply continue browsing. Continue.

  • Data Protection

Data Protection

The New Rules


Is a complete guide to the current and new data protection rules, and is based on the final published text of the new Regulation.

Paperback i

Book printed softcover

Other relevant online products

* Call 0330 161 1234 to find out more about online services

Data protection has become a minefield of complex rules and regulations. Personal data is hedged around with all sorts of controls to ensure its safely from prying eyes. The new Regulation will add to the plethora of laws that effect every organisation, large and small, that handles personal data. The new rules will require many changes to business systems, policies and procedures and the entire approach of the organisation to personal data. Company secretaries and directors will be responsible to see that their companies comply with these new requirements.

This new book condenses a mass of EU and UK documentation into one practical and easy-to-read manual, guiding you through all the relevant changes simply and clearly. It provides comprehensive description of the legal and regulatory provisions, commentary on business requirements, examples and sample data protection and information policies.

This book analyses the regulatory obligations and business requirements of the new EU General Data Protection Regulation. This Regulation will replace the existing data protection regime. The book covers both the current regime and the changes to come. Contents include: requirements for consent to data processing; information for data subjects; marketing requirements; data security; outsourcing, including the cloud; data transfer outside the EU; data protection by design and by default; data protection impact assessment; rights of data subjects, including fines and penalties; and record-keeping.
The Current Regime:

  • Introduction
  • Notification System
  • Rights of Access
  • Other Rights
  • Security and Outsourcing 
  • Sending Personal Data Abroad
  • Remaining Obligations
  • Enforcement and Compliance

The New Regime:

  • General Principles
  • Data Processing and Security
  • Special Categories of Data
  • Rights of the Data Subject
  • Compliance
  • Enforcement
  • Sample Data Protection Policy and Information Security Policy 
  • Breach Notification Form
  • Personal Information Online Checklist
  • Guide to Outsourcing
  • Guide to IT Security
  • Direct Marketing Checklist
  • Handling Subject Access Requests
"it is essential reading for all data controllers and data processors and anyone responsible for handling personal data"
Click here to read the full review
Watch the review
An appreciation by Phillip Taylor MBE and Elizabeth Taylor of Richmond Green Chambers

"Ian Long is to be commended on producing a very readable textbook setting out the current European and domestic data protection laws along with some practical case studies and commentary. The book includes a thorough review of the new European general data protection regulation and provides useful context by way of comparison to the current 1995 European data protection directive which it is due to replace in May 2018. The book will be a valuable aid to executives and legal and compliance personnel who wish to enhance their understanding of the emerging data protection framework in Europe. It is particularly well set out and highly readable which is a testament to the author who has managed to condense a volume of complex legislation into a digestible text. For this reason it will also serve the interests of those who are relatively new to the subject".

Rob Corbet, Partner, Arthur Cox. 2016



1.1 This book provides a concise introduction to data protection law and considers issues that may arise in the daily work of company directors, company secretaries and administrators. In doing so, it takes account of the fact that company directors, secretaries and administrators often have a number of functions in addition to their usual administration activities – the book includes a brief introduction on the practical effect of data protection law on the activities of commercial organisations.

1.2 Part 2 of this book provides a guide to the new regime brought about by the General Data Protection Regulation of the European Union, which will impose a new regime on companies and organisations of all kinds that hold personal data relating to their clients, customers, employees and third parties; in other words, almost every organisation that does business with individual customers or provides a service to them (see Chapter 10 et seq).

1.3 Data protection is a relatively new addition to laws that affect company administration. For this reason, it is important to keep up to date with developments as new practices and procedures become standard.

1.4 This book will be updated to reflect both changes in the law and the needs of its readers. The author would be pleased to receive (via the publisher) comments from readers as to how the book can be improved to better meet those needs.


1.5 Driven largely by an aspiration for Europe-wide privacy rights for individuals, various legal measures culminated in a 1995 European Directive (95/46/EC) under which all Member States of the European Union, including the UK, were obliged to create new law on the ‘processing of personal data’.

1.6 The Data Protection Act 1998 (‘DPA’ or ‘the Act’), the statutory provision under which the UK implemented the 1995 Directive, came into force on 1 March 2000.

1.7 Data protection is essentially that area of the law that governs what may, and may not, be done with personal information. This information may be in electronic form (eg stored on a computer hard drive) or manual (eg paper-based) form. Although the law applies to all electronically processed personal data, it applies only to some types of paper-based records.


1.8 In the UK, data protection law is enforced by the Information Commissioner’s Office (‘ICO’ or ‘the Office’). The current Information Commissioner is Christopher Graham, who was appointed in June 2009. In April 2010, the Commissioner was given the power to impose fines on organisations for data protection breaches – up to £500,000 per breach. Since November 2011, over 100 organisations have been fined sums ranging from £60,000 to £300,000 – see further details in Chapter 9.

1.9 Data protection law is due to change over the next couple of years due to the European Commission’s decision to revise and update the law, after extensive discussions with the European Parliament and the Council of Ministers. This new law is the General Data Protection Regulation (‘the Regulation’ or ‘the new Regulation’) discussed in Part 2 of this book.

1.10 The new Regulation will make it a legal requirement for some private sector organisations (such as limited companies and public limited companies) that store or use personal information to employ a qualified Data Protection Officer. Companies are well advised to prepare for this requirement by arranging for a designated member of staff to be trained in data protection matters.

1.11 The Regulation will increase the level of fines that can be imposed by the ICO, from the current £500,000 per breach of the DPA to a maximum fine of €20 million per breach of the Regulation or up to 4% of a company’s/group’s total annual turnover, as appropriate.

1.12 The new Regulation will also make the reporting of breaches to the ICO compulsory in certain circumstances.

Data protection has been in the news a lot recently, and affects companies and organisations of all kinds that handle personal data in the course of their business. Here, Ian Long discusses his new book on what the new data protection rules mean for you.  

Click here to listen.

Have a question about this product? Please get in touch by completing the boxes below.

You May Also Like

Jordan Publishing Company Administration and Governance

Jordan Publishing Company Administration and Governance

"This is an indispensable aid to the busy company secretary. The text is clear, the precedents...

Available in Lexis®Library
Social Media in the Workplace

Social Media in the Workplace

A Handbook

This book is intended as a handbook for advisers to employers, providing an overview of the...

Available in Lexis®Library
Jordan Publishing Company Secretarial Precedents

Jordan Publishing Company Secretarial Precedents

Precedents and forms dealing with every aspect of company administration