Book Review – Data Protection Strategy: Implementing Data Protection Compliance

October 15, 2012

The second edition of this book, from the very reliable team of Richard Morgan and Ruth Boardman, was published in late August; a lot of water has flowed under the bridge since 2003 when it first published. The essential aim and approach is unchanged. This is a book that aims to ‘assist the reader in assessing his personal data and setting up and maintaining compliant systems with as little theoretical discussion as possible’. To some extent, the target is the busy executive/data controller rather than the experienced lawyer; indeed, the back cover blurb and the publisher’s web site goes so far as to claim that the book ‘enables a complex subject to be grasped easily’ – I might well argue about the meaning of ‘easily’ in that boast (though one could argue that Usain Bolt won his Olympic titles ‘easily’) but I would not argue with the broad thrust that this is a clearly set out and very clearly written guide. The book benefits from its absorption of much ICO guidance, but this is not uncritical reproduction even if, perforce, some excerpts or restatements of that guidance are lengthy.

The authors do a very good job in updating. They are very aware of the dangers of finding their work overtaken by the much vaunted EU Commission data reform package and close each chapter that is likely to be affected with a summary of the changes that would arise from it. I suspect that the dangers are somewhat exaggerated – after all there was only a nine-year gap between editions and the EU package is looking like it might become unwrapped.

Appendices B to H contain precedents that may be used in various data protection scenarios. The longest one, Appendix E, has a data protection policy for a subject access request. It is not hard to see that, as with any precedent, there are those who will use it unwisely, but it seemed remarkably comprehensive to me and I am sure the unwise will be much outnumbered by those using it sensibly and congratulating themselves on thereby recovering the cost of the book in one fell swoop. I suspect that some of those will be lawyers.

Data Protection Strategy: Implementing Data Protection Compliance (2nd ed) is published by Sweet & Maxwell. It has a list price of £175 (450 pp, ISBN: 9780414026742. See