Anyone interested in finding documentation about GDPR can read thousands of web resources, including best practices, buyer’s guides, solution handbooks or implementation kits. All of these are very useful, but many times we need more considered recommendations related to the General Data Protection Regulation. The best way to find a bit of professional advice is to read a book. Although we now live in a fully digital era, many of us still need classical page-by-page books, whether in print or online.
In my documentation process for the specific content of GDPR, I had to review some interesting books. Although many of us are on vacation, I think that this year-end period, in which GDPR was a hot topic for all, is the best time to stay quiet and browse an interesting book.
It is important to note that this is not a “Top 10” classification. It is just a personal selection: a recommended list of books selected by GDPR Ready Initiative using various criteria such as subject popularity, review notes, relevance, and EU coverage. Image credits: various online bookshops.
EU GDPR, A Pocket Guide, Second Edition
Authors: Alan Calder
Publishers: IT Governance Publishing, 76 pages, October 2018
Now in its second edition, this bestselling book provides a clear understanding of the EU GDPR (General Data Protection Regulation). It has been updated to include guidance on related laws, including the NIS Directive and the forthcoming ePrivacy Regulation.
This essential pocket guide explains:
- The terms and definitions used within the GDPR in simple terms;
- The key requirements; and
- How to comply with the Regulation.
Alan Calder is an acknowledged authority on international cybersecurity and IT governance. He is the founder and executive chairman of IT Governance Ltd. Alan has published a wide range of books on IT governance and information security. These include the market-leading IT Governance: An International Guide to Data Security and ISO27001/ISO27002 (co-written with Steve Watkins), and bestselling guides to complying with regulations such as the GDPR and international standards such as ISO 27001. Alan has also developed training courses and consulted for clients in the UK and abroad. He regularly acts as a media commentator and speaker.
A Practical Guide to the General Data Protection Regulation (GDPR)
Authors: Keith Markham
Publishers: Law Brief Publishing, 168 pages, January 2018
With everyone talking about the GDPR, this book is intended to offer a guide through the maze of different requirements and also to separate fact from myth. Beginning with a succinct summary of the key changes being introduced by the GDPR, emphasis then shifts to what needs to be done practically by way of response. Written in an accessible style and containing lots of useful resources, it is suitable for lawyers and non-lawyers alike who are seeking to better understand this topic and to comply with their obligations in a common-sense and risk-focused manner.
Keith Markham qualified as a Solicitor in 2001 and now works as a freelance training consultant. Drawing on his considerable experience, Keith has designed and delivered a wide variety of training for BPP Professional Education and other providers as well as for his own clients in the commercial law field. In particular, he teaches topics relating to data protection and commercial contracts to lawyers and non-lawyers alike. He is also currently involved in a number of GDPR compliance projects.
GDPR: Guiding Your Business To Compliance: A practical guide to meeting GDPR regulations
Authors: Mark Foulsham, Brian Hitchen
Publishers: Independently published, 293 pages, second edition February 2018
Many companies are still struggling to approach the requirements in a practical and timely way. Written by two industry experts, this book allows you to navigate the regulations from a real-world business perspective. Whether you are an Information Security expert or a business manager, this book outlines some of the most straightforward and common-sense approaches from starting the project all the way through to the end.
The authors have over 100 years’ collective international experience in security, compliance and business disciplines and know what it takes to keep companies secure and in line with regulators’ demands.
The Essential Business Guide to GDPR: A business owner’s perspective to understanding & implementing GDPR
Authors: Alistair J Dickinson
Publishers: Independently published, 372 pages, March 2018
A business owner’s perspective to understanding the need for GDPR, with shared knowledge of what you will have to complete. After spending many months trying to define the GDPR project response for MyCRM, it became apparent that a single resource that could help our team plan and implement using a defined set of templates was somewhat lacking. This book is for all business owners and DPOs and gives an overview of all the steps involved when implementing your response and journey to compliance with GDPR. This book also comes with a number of templates available from an online website dedicated to MyCRM publications and updates; papers and further general information will be provided as GDPR becomes law in May 2018.
GDPR – Fix it Fast: Apply GDPR to Your Company in 10 Simple Steps
Authors: Patrick O’Kane
Publishers: Brentham House Publishing Company Ltd, 136 pages, December 2017
Have you been assigned responsibility for GDPR compliance but don’t know where to start? Have you been reading articles and books that go into lengthy detail about legal issues but have no practical advice? Do you want someone to explain exactly how your company should comply with GDPR so you can sleep at night? If so, then this book is for you. Fix it Fast will help you to implement the key requirements of GDPR. It contains templates, outlines, examples and plain-English explanations to help you to:
- Complete your data inventory so you know where all your data is
- Start and finish your data map
- Draft and institute a Privacy Impact Assessment process
- Plan how you’ll deal with a Data Breach
- Implement Data Privacy Policies and Privacy Notifications
- And much more
This book’s 10 Simple Steps will take you from beginning to end of your GDPR readiness and implementation project. This isn’t a legal book – it’s a practical, no-nonsense guide to getting the job done fast.
Data Sovereignty and Enterprise Data Management: Extending Beyond the European Union General Data Protection Regulation
Authors: Sunil Soares, Mark Gallman, Pamela Basil
Publishers: Information Asset, 158 pages, April 2017
As with all enacted regulations, compliance requires a sound data governance program with effective enterprise data management. Data governance is the formulation of policy to optimize, secure, and leverage information as an enterprise asset by aligning the objectives of multiple functions. Enterprise data management refers to an organization’s ability to precisely define, easily integrate, and effectively retrieve data for both internal applications and external communication. This book, geared toward business users, outlines 16 core steps to operationalize a data governance program geared to data sovereignty compliance. Successful data sovereignty requires collaboration across the organization, including among those responsible for legal, risk, compliance, information technology, and enterprise data management. The amalgamation of skills and technology within the organization will support the operationalization. As organizations extend the reach of their operations and customer base and look to leverage the cloud for computing, data distribution, and application hosting, they must understand the ramifications their business and IT decisions could have with respect to data sovereignty laws. With the concepts outlined in this book, organizations will be equipped to move forward to address the challenges of data sovereignty.
The Data Protection Officer: Profession, Rules, and Role
Authors: Paul Lambert
Publishers: Auerbach Publications, 367 pages, December 2016
The EU’s General Data Protection Regulation created the position of corporate Data Protection Officer (DPO), who is empowered to ensure the organization is compliant with all aspects of the new data protection regime. Organizations must now appoint and designate a DPO. The specific definitions and building blocks of the data protection regime are enhanced by the new General Data Protection Regulation and therefore the DPO will be very active in passing the message and requirements of the new data protection regime throughout the organization. This book explains the roles and responsibilities of the DPO and highlights the potential cost of getting data protection wrong.
Paul Lambert, PhD, lawyer, consultant, adjunct lecturer, is the author of various books on data protection, internet, social media and courtroom broadcasting including The Laws of the Internet (4th edition), International Handbook of Social Media Laws, A User’s Guide to Data Protection and Television Courtroom Broadcasting Effects, and has published many articles in various professional, trade and academic journals including the European Intellectual Property Review. He speaks regularly at conferences and events across Europe and Asia on data protection, Internet, intellectual property, information technology, and courtroom broadcasting.
Le Délégué à la protection des données (DPO): Clé de voûte de la conformité (English: The Data Protection Officer, DPO: Keystone of Compliance)
Authors: Aline Alfer, Amandine Kashani-Poor, Garance Mathias
Publishers: Revue Banque, 120 pages, October 2017
The objective of this book is to present and clarify in an operational way the positioning, the profile and the missions of the DPO, drawing on the GDPR, the recommendations of the National Commission for Informatics and Liberties (CNIL), the Group Article 29 (G29) and the expertise of the authors. Which responsibilities? Which means? What guarantees of independence? What ecosystem? This Essential offers practical recommendations allowing the interested parties to appropriate the role of the DPO, whatever the size of the company – from FinTech to the big banking group – and highlights the potential asset that the regulatory environment can represent in the performance of the DPO’s missions. The authors propose, based on their own experiences in the implementation of compliance strategies, practical tools for the DPO in an Anglo-Saxon perspective of accountability. The book aims to accompany the new DPOs and the CILs in their necessary transition to a renewed function but also, more broadly, all the players involved in the ecosystem of personal data processing.
Mathias is a lawyer at the Paris Bar, founder of Mathias Avocats and an expert at the Council of Europe. Its activity is dedicated to business law and the legal issues raised by innovative technologies.
Kashani-Poor is an IT and Freedoms Correspondent of the French Development Agency. She has developed expertise in personal data protection law in the non-profit, retail and insurance sectors.
A. Alfer is an attorney at the Paris Bar, Mathias Avocats. She works in both consulting and litigation, mainly in personal data protection law.
Guide Juridique du RGPD – La réglementation sur la protection des données personnelles (English: GDPR Legal Guide – The regulation on the protection of personal data)
Authors: Gérard HAAS
Publishers: Editions ENI, Collection Datapro, 204 pages, April 2018
The purpose of this guide is to help companies make the new law an opportunity and not a constraint for innovation, competitiveness and trust. After describing the context of the adoption of the new Data Protection Act and the GDPR and explaining the concept of accountability, the book focuses on identifying the processing of personal data (Chapter 1), then on determining how the controller should ensure the legality of processing (Chapter 2), what tools it has for its “compliance” (Chapter 3) and how to secure processing (Chapter 4). The chapters of the book: Foreword – Introduction – Identifying processing – Ensuring the legality of processing – The tools of compliance – Securing processing.
Founder of the law firm HAAS-Avocats, Gérard HAAS is a doctor of law, a lawyer at the Paris Court of Appeal, a specialist in intellectual property, communication and information law, and an INPI expert. He also speaks at ESCP-Europe and HEC Executive Education.
Datenschutz-Compliance nach der DS-GVO: Handlungshilfe für Verantwortliche inklusive Prüffragen für Aufsichtsbehörden (English: Data protection compliance according to the DS-GVO: Guidance for responsible persons including questions for supervisory authorities)
Authors: Thomas Kranig, Andreas Sachs, and Markus Gierschmann
Publishers: Bundesanzeiger, 230 pages, March 2017
The book includes an introduction to the DS-GVO and explains the essential requirements for those responsible. Special attention is paid to the fulfilment of accountability and its proof, as well as the regular review of effectiveness. It answers general questions of data processing, ensuring data subject rights and the handling of data breaches, and provides assistance for the recurring daily planning, operation, evaluation and improvement cycle. A comprehensive questionnaire catalogue provides clues as to how a supervisory authority checks the data protection compliance of those responsible and of contract processors, and what expectations it has of the answers.
Thomas Kranig, lawyer, President of the Bavarian State Office for Data Protection Supervision (BayLDA),
Andreas Sachs, Dipl.-Informatiker, Head of the technical department at the Bavarian State Office for Data Protection Supervision (BayLDA) and
Markus Gierschmann, Dipl.-Wirtschaftsingenieur, Finance Economist (ebs), CIPP / E, CIPM, Data Protection Officer (udis, TÜV), Data Protection Auditor (TÜV), Management Consultant