EU General Data Protection Regulation (GDPR)

A Commentary, Second Edition

Inbunden, Engelska, 2021

Av Lukas Feiler, Nikolaus Forgó, Michaela Nebel, Nikolaus Forgo

1 429 kr

Beställningsvara. Skickas inom 7-10 vardagar

Fri frakt för medlemmar vid köp för minst 249 kr.

Since 25 May 2018 the General Data Protection Regulation 2016/679 (GDPR) has applied, representing a significant overhaul of data protection law in the European Union. Although it was drafted and passed by the European Union, the GDPR imposes obligations onto organisations anywhere, so long as they collect or target data relating to people in the EU. It is one of the toughest privacy and security laws in the world and harsh fines are levied against those who violate its privacy and security standards.This commentary provides a detailed examination of the individual articles of the GDPR and is an essential resource aimed at helping legal practitioners prepare for compliance. The second edition includes guidelines on the interpretation of the GDPR published by the European Data Protection Board as well as new case law by the Court of Justice of the European Union. This revised and updated edition includes:•a general introduction to data protection law;•full text of the GDPR’s articles and recitals;•article-by-article commentary explaining the individual provisions and elements of each article.In addition to lawyers and in-house counsel, this book is also suitable for law professors and students, and offers comprehensive coverage of this increasingly important area of data protection legislation.

Produktinformation

Utgivningsdatum2021-10-25
Mått160 x 240 x 29 mm
Vikt796 g
FormatInbunden
SpråkEngelska
Antal sidor343
Upplaga2
FörlagGlobe Law and Business Ltd
ISBN9781787424784

Tillhör följande kategorier

List of abbreviations 9List of Recitals of the General Data Protection Regulation 11Introduction to the General Data Protection Regulation 131. Introduction 132. The most important compliance steps to be implemented 133. Basic terms of the GDPR 144. The scope of the GDPR 154.1 Material scope – what processing activities are covered? .............. 154.2 Personal scope – who does the GDPR apply to? ........................ 154.3 Territorial scope – where does the GDPR apply? ...................... 165. The relationship with national data protection laws 166. The principles relating to the processing of personal data 187. Legal basis requirement for any data processing activity 197.1 Available legal bases ................. 197.2 Requirements for valid consent ............................ 208. Information obligations and privacy notices 229. Rights of the data subject 2410. Profiling and automated individual decision-making 2511. Data protection compliance programme 2611.1 Organisational measures including data protection strategies ................................ 2611.2 Technical measures including privacy by design and by default ............................... 2612. Maintaining a record of processing activities 2713. Data protection impact assessment and consultation obligation with supervisory authority 2814. Data protection officer 2915. Data security 3015.1 Mandatory data security measures ................................. 3015.2 Obligation to notify personal data breaches .......................... 3116. Mandatory arrangements between joint controllers 3317. Obligations in case of outsourcing 3318. International data transfers 3418.1 Transfers not subject to notification or approval ......... 3518.2 Transfers subject to notification ............................. 3618.3 Transfers subject to approval .. 3619. International jurisdiction of supervisory authorities 3720. Administrative fines and other sanctions 3821. Civil liability and private enforcement 40Text of the General Data Protection Regulation and commentary 41Chapter I – General provisions 43Article 1 Subject-matter and objectives ........................ 43Article 2 Material scope ................. 47Article 3 Territorial scope .............. 51Article 4 Definitions ...................... 56Chapter II – Principles 75Article 5 Principles relating to processing of personal data ................... 75Article 6 Lawfulness of processing ....................... 81Article 7 Conditions for consent ... 90Article 8 Conditions applicable to child’s consent in relation to information society services ................ 93Article 9 Processing of special categories of personal data ................... 96Article 10 Processing of personal data relating to criminal convictions and offences .................. 102Article 11 Processing which does not require identification ................ 103Chapter III – Rights of the data subject 105Section 1 – Transparency and modalities 105Article 12 Transparent information, communication and modalities for the exercise of the rights of the data subject ................... 105Section 2 – Information and access to personal data 109Article 13 Information to be provided where personal data are collected from the data subject .... 109Article 14 Information to be provided where personal data have not been obtained from the data subject ................... 115Article 15 Right of access by the data subject ................... 120Section 3 – Rectification and erasure 123Article 16 Right to rectification ..... 123Article 17 Right to erasure (‘right to be forgotten’) ..................... 124Article 18 Right to restriction of processing ................. 128Article 19 Notification obligation regarding rectification or erasure of personal data or restriction of processing ..................... 130Article 20 Right to data portability ..................... 131Section 4 – Right to object and automated individual decision-making 135Article 21 Right to object .............. 135Article 22 Automated individual decision-making, including profiling ....... 138Section 5 – Restrictions 142Article 23 Restrictions ................... 142Chapter IV – Controller and processor 145Section 1 – General obligations 145Article 24 Responsibility of the controller ...................... 145Article 25 Data protection by design and by default .............. 149Article 26 Joint controllers ............ 152Article 27 Representatives of controllers or processors not established in the Union ........................... 154Article 28 Processor ....................... 157Article 29 Processing under the authority of the controller or processer .................. 162Article 30 Records of processing activities ....................... 163Article 31 Cooperation with the supervisory authority ... 166Section 2 – Security of personal data _ 167Article 32 Security of processing ... 167Article 33 Notification of a personal data breach to the supervisory authority ... 171Article 34 Communication of a personal data breach to the data subject ............ 174Section 3 – Data protection impact assessment and prior consultation 177Article 35 Data protection impact assessment .................... 177Article 36 Prior consultation ......... 185Section 4 – Data protection officer 188Article 37 Designation of the data protection officer .......... 188Article 38 Position of the data protection officer .......... 194Article 39 Tasks of the data protection officer ........................... 197Section 5 – Codes of conduct and certification 199Article 40 Codes of conduct ......... 199Article 41 Monitoring of approved codes of conduct .......... 202Article 42 Certification ................. 204Article 43 Certification bodies ...... 206Chapter V – Transfers of personal data to third countries or international organisations 209Article 44 General principle for transfers ........................ 209Article 45 Transfers on the basis of an adequacy decision ........................ 211Article 46 Transfers subject to appropriate safeguards ..................... 216Article 47 Binding corporate rules .............................. 221Article 48 Transfers or disclosures not authorised by Union law ..................... 224Article 49 Derogations for specific situations ...................... 225Article 50 International cooperation for the protection of personal data ................ 230Chapter VI – Independent supervisory authorities 231Section 1 – Independent status 231Article 51 Supervisory authority ... 231Article 52 Independence ............... 233Article 53 General conditions for the members of the supervisory authority ...................... 235Article 54 Rules on the establishment of the supervisory authority ...................... 236Section 2 – Competence, tasks and powers 237Article 55 Competence ................. 237Article 56 Competence of the lead supervisory authority ...................... 239Article 57 Tasks ............................. 246Article 58 Powers .......................... 249Article 59 Activity reports ............. 252Chapter VII – Cooperation and consistency 253Section 1 – Cooperation 253Article 60 Cooperation between the lead supervisory authority and the other supervisory authorities concerned ... 253Article 61 Mutual assistance ......... 257Article 62 Joint operations of supervisory authorities .................... 259Section 2 – Consistency 261Article 63 Consistency mechanism ................... 261Article 64 Opinion of the Board ............................ 262Article 65 Dispute resolution by the Board ...................... 265Article 66 Urgency procedure ....... 269Article 67 Exchange of information .................. 271Section 3 – European Data Protection Board 272Article 68 European Data Protection Board ........... 272Article 69 Independence ............... 273Article 70 Tasks of the Board ......... 274Article 71 Reports ......................... 277Article 72 Procedure ..................... 278Article 73 Chair ............................ 279Article 74 Tasks of the Chair ......... 280Article 75 Secretariat ..................... 281Article 76 Confidentiality ............. 282Chapter VIII – Remedies, liability and penalties 283Article 77 Right to lodge a complaint with a supervisory authority ... 283Article 78 Right to an effective judicial remedy against a supervisory authority ...................... 285Article 79 Right to an effective judicial remedy against a controller or processor ...................... 287Article 80 Representation of data subjects ................. 289Article 81 Suspension of proceedings .................. 291Article 82 Right to compensation and liability .................. 293Article 83 General conditions for imposing administrative fines ................................ 296Article 84 Penalties ........................ 303Chapter IX – Provisions relating to specific processing situations 305Article 85 Processing and freedom of expression and information .................. 305Article 86 Processing and public access to official documents .................... 307Article 87 Processing of the national identification number ......................... 309Article 88 Processing in the context of employment ............. 310Article 89 Safeguards and derogations relating to processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes ....................... 312Article 90 Obligations of secrecy .......................... 317Article 91 Existing data protection rules of churches and religious associations .... 318Chapter X – Delegated acts and implementing acts 319Article 92 Exercise of the delegation ..................... 319Article 93 Committee procedure ..................... 324Chapter XI – Final provisions 325Article 94 Repeal of Directive 95/46/EC ...................... 325Article 95 Relationship with Directive 2002/58/EC ... 327Article 96 Relationship with previously concluded Agreements ................... 328Article 97 Commission reports ..... 329Article 98 Review of other Union legal acts on data protection ..................... 330Article 99 Entry into force and application ................... 331Keyword index 333About the authors 341