Ben's Book of the Month: Review of "The EU General Data Protection Regulation (GDPR): A Practical Guide"

Posted by Ben Rothke

It was about 20 years ago that the Y2K problem had firms scrambling to fix the issue. At its core, it was a rather simple problem to fix. Firms just had to change a 2-digit year field to a 4-digit field. But the devil, as always, was in the details, and firms struggled to understand how many applications they had and where the date fields resided in their massive code base. Many Fortune 500 firms took 6 months or more just to get a listing of the applications that were potentially problematic.

Compared to the Y2K issue, the problems firms face with the General Data Protection Regulation (GDPR) are infinitely greater. In the appropriately titled "The EU General Data Protection Regulation (GDPR): A Practical Guide" (Springer 978-3319579580), authors Paul Voigt and Axel von dem Bussche have written a highly pragmatic guide that provides an excellent overview of the regulation, and how to ensure compliance with it.

GDPR was put into effect in April 2016 and becomes enforceable on May 25, 2018. While the text of the regulation is freely available, it is not an easy read, nor does it give details on how to effectively execute it. In the book, the authors focus on the practical aspects of the regulation and show how to implement it in a methodical manner.

The book focuses on practical implementation, and the authors provide a large number of real-world examples to make the many concepts in the regulation concrete.

For those who have not started their GDPR remediation efforts, there is a massive amount they need to do before the regulation goes live in 70 days. For anyone tasked with GDPR compliance, this is the book most people should have read some time ago.

Ben Rothke

Senior Information Security Manager, Tapad


Blogs posted to the website are intended for educational purposes only and do not replace independent professional judgment.  Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA® Conference, RSA Security LLC or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.
