The EU General Data Protection Regulation (GDPR): a practical guide
Saved in:
Main authors: | Voigt, Paul; Bussche, Axel von dem |
---|---|
Format: | Book |
Language: | English |
Published: | Cham, Switzerland: Springer, [2017] |
Subjects: | Europäische Union Datenschutz-Grundverordnung |
Online access: | Table of contents; Blurb |
Description: | ix, 383 pages |
ISBN: | 9783319579580 3319579584 |
Internal format
MARC
LEADER | 00000nam a2200000 c 4500 | ||
---|---|---|---|
001 | BV044284007 | ||
003 | DE-604 | ||
005 | 20180913 | ||
007 | t | ||
008 | 170425s2017 |||| 00||| eng d | ||
020 | |a 9783319579580 |9 978-3-319-57958-0 | ||
020 | |a 3319579584 |9 3319579584 | ||
035 | |a (OCoLC)1004337931 | ||
035 | |a (DE-599)BVBBV044284007 | ||
040 | |a DE-604 |b ger |e rda | ||
041 | 0 | |a eng | |
049 | |a DE-M382 |a DE-739 |a DE-355 |a DE-2070s |a DE-1050 | ||
084 | |a PZ 4500 |0 (DE-625)141180: |2 rvk | ||
084 | |a PZ 4800 |0 (DE-625)141183: |2 rvk | ||
100 | 1 | |a Voigt, Paul |e Verfasser |0 (DE-588)1058443445 |4 aut | |
245 | 1 | 0 | |a The EU General Data Protection Regulation (GDPR) |b a practical guide |c Paul Voigt, Axel von dem Bussche |
246 | 1 | 3 | |a GDPR |
264 | 1 | |a Cham, Switzerland |b Springer |c [2017] | |
300 | |a ix, 383 Seiten | ||
336 | |b txt |2 rdacontent | ||
337 | |b n |2 rdamedia | ||
338 | |b nc |2 rdacarrier | ||
610 | 2 | 7 | |a Europäische Union |t Datenschutz-Grundverordnung |0 (DE-588)1105568555 |2 gnd |9 rswk-swf |
689 | 0 | 0 | |a Europäische Union |t Datenschutz-Grundverordnung |0 (DE-588)1105568555 |D u |
689 | 0 | |5 DE-604 | |
700 | 1 | |a Bussche, Axel von dem |d 1967- |e Verfasser |0 (DE-588)122969227 |4 aut | |
776 | 0 | 8 | |i Erscheint auch als |n Online-Ausgabe, eBook |z 978-3-319-57959-7 |
856 | 4 | 2 | |m Digitalisierung UB Passau - ADAM Catalogue Enrichment |q application/pdf |u http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=029688307&sequence=000001&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA |3 Inhaltsverzeichnis |
856 | 4 | 2 | |m Digitalisierung UB Passau - ADAM Catalogue Enrichment |q application/pdf |u http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=029688307&sequence=000002&line_number=0002&func_code=DB_RECORDS&service_type=MEDIA |3 Klappentext |
999 | |a oai:aleph.bib-bvb.de:BVB01-029688307 |
Record in search index
_version_ | 1804177476755128320 |
---|---|
adam_text |
1 Introduction and ‘Checklist’ ..... 1
1.1 Legislative Purpose and Previous Legal Provisions ..... 1
1.1.1 The Data Protection Directive ..... 1
1.1.2 The General Data Protection Regulation ..... 2
1.2 Checklist: Most Important Data Protection Obligations ..... 3
1.2.1 Organisational Requirements ..... 3
1.2.2 Lawfulness of the Processing Activities ..... 5
References ..... 7
2 Scope of Application of the GDPR ..... 9
2.1 In Which Case Does the Regulation Apply? ..... 9
2.1.1 ‘Processing’ ..... 9
2.1.2 ‘Personal Data’ ..... 11
2.1.3 Exemptions from the Scope of Application ..... 16
2.2 To Whom Does the Regulation Apply? ..... 17
2.2.1 ‘Controller’ ..... 17
2.2.2 ‘Processor’ ..... 20
2.2.3 Beneficiaries of Protection Under the GDPR ..... 20
2.3 Where Does the Regulation Apply? ..... 21
2.3.1 Data Processing in the Context of the Activities of an EU Establishment ..... 22
2.3.2 Processing of Personal Data of Data Subjects in the EU ..... 26
References ..... 29
3 Organisational Requirements ..... 31
3.1 Accountability ..... 31
3.2 General Obligations ..... 33
3.2.1 Responsibility, Liability and General Obligations of the Controller ..... 33
3.2.2 The Allocation of Responsibility Between Joint Controllers ..... 34
3.2.3 Cooperation with Supervisory Authorities ..... 37
3.3 Technical and Organisational Measures ..... 38
3.3.1 Appropriate Data Protection Level ..... 38
3.3.2 Minimum Requirements ..... 39
3.3.3 Risk-Based Approach Towards Data Security ..... 40
3.3.4 The NIS Directive ..... 42
3.4 Records of Processing Activities ..... 44
3.4.1 Content and Purpose of the Records ..... 44
3.4.2 Exemption from the Obligation to Maintain Records ..... 45
3.5 Data Protection Impact Assessment ..... 47
3.5.1 Affected Types of Data Processing ..... 47
3.5.2 Scope of the Assessment ..... 49
3.6 Data Protection Officer ..... 53
3.6.1 Designation Obligation ..... 53
3.6.2 Aspects Regarding the Designation of the Data Protection Officer ..... 56
3.6.3 Position ..... 58
3.6.4 Responsibilities ..... 60
3.7 Privacy by Design and Privacy by Default ..... 62
3.8 Personal Data Breaches ..... 65
3.8.1 Personal Data Breach ..... 65
3.8.2 Notification to the Supervisory Authority ..... 65
3.8.3 Communication to the Data Subjects ..... 69
3.9 Codes of Conduct, Certifications, Seals, Etc. ..... 71
3.9.1 Relationship Between Codes of Conduct and Certifications ..... 71
3.9.2 Codes of Conduct ..... 72
3.9.3 Certifications, Seals, Marks ..... 77
3.10 Data Processors ..... 80
3.10.1 Privileged Position of the Processor ..... 80
3.10.2 Obligation of the Controller When Choosing a Processor ..... 81
3.10.3 Obligations of the Processor ..... 83
3.10.4 Designation of a Sub-Processor ..... 84
References ..... 84
4 Material Requirements ..... 87
4.1 Basic Principles ..... 87
4.1.1 Lawfulness, Fairness and Transparency ..... 88
4.1.2 Purpose Limitation ..... 88
4.1.3 Data Minimisation ..... 90
4.1.4 Accuracy ..... 91
4.1.5 Storage Limitation ..... 92
4.1.6 Integrity and Confidentiality ..... 92
4.2 Legal Justifications for Data Processing ..... 92
4.2.1 Processing Based on Consent ..... 93
4.2.2 Processing Based on a Legal Permission ..... 100
4.2.3 Processing of Special Categories of Personal Data ..... 110
4.3 Data Transfers to Third Countries ..... 116
4.3.1 Safe Third Countries ..... 117
4.3.2 Consent ..... 118
4.3.3 Standard Contractual Clauses ..... 119
4.3.4 EU-U.S. Privacy Shield ..... 122
4.3.5 Binding Corporate Rules ..... 125
4.3.6 Codes of Conduct, Certifications, Etc. ..... 129
4.3.7 Derogations for Specific Situations ..... 130
4.3.8 Appointment of a Representative by Non-EU Entities ..... 133
4.4 Limited Privilege for Intra-Group Processing Activities ..... 135
4.4.1 Separate Data Protection Responsibility of Each Group Member ..... 136
4.4.2 Facilitations Regarding Material Requirements ..... 137
4.4.3 Facilitation Regarding Organisational Requirements ..... 138
References ..... 138
5 Rights of Data Subjects ..... 141
5.1 Transparency and Modalities ..... 141
5.1.1 The Manner of Communicating with the Data Subject ..... 142
5.1.2 The Form of Communication ..... 143
5.2 Information Obligation of the Controller Prior to Processing ..... 143
5.2.1 Time of Information ..... 144
5.2.2 Collection of the Data from the Data Subject ..... 144
5.2.3 Obtainment of the Data from Another Source ..... 146
5.2.4 Practical Implications ..... 147
5.3 Response to Data Subjects’ Requests ..... 147
5.3.1 Manner of Response ..... 147
5.3.2 Time of Response ..... 149
5.3.3 Information in Case of Inaction ..... 149
5.3.4 Verification of the Data Subject’s Identity ..... 150
5.4 Right to Access ..... 150
5.4.1 Scope of the Right to Access ..... 150
5.4.2 Provision of Access to the Personal Data ..... 152
5.4.3 Practical Implications ..... 153
5.5 Rights to Erasure, Rectification and Restriction ..... 154
5.5.1 Right to Rectification ..... 154
5.5.2 Right to Erasure ..... 156
5.5.3 Right to Restriction of Processing ..... 164
5.5.4 Notification of Third Parties Regarding the Rights to Erasure, Rectification and Restriction, Art. 19 ..... 167
5.6 Right to Data Portability ..... 168
5.6.1 Scope and Exercise of the Right to Data Portability ..... 169
5.6.2 Technical Specifications ..... 174
5.6.3 Transmission of the Data ..... 174
5.6.4 Relation to the Right to Erasure ..... 175
5.6.5 Exclusion of the Right to Data Portability ..... 175
5.7 Right to Object ..... 176
5.7.1 Grounds for an Objection to Processing ..... 177
5.7.2 Exercise of the Right and Legal Consequences ..... 179
5.7.3 Information Obligation ..... 180
5.8 Automated Decision-Making ..... 180
5.8.1 Scope of Application of the Prohibition ..... 181
5.8.2 Exceptions from the Prohibition ..... 183
5.8.3 Appropriate Safeguards ..... 184
5.9 Restrictions of the Data Subjects’ Rights ..... 184
References ..... 185
6 Interaction with the Supervisory Authorities ..... 189
6.1 Determination of the Competent Supervisory Authority ..... 189
6.2 One-Stop-Shop Mechanism ..... 191
6.3 Determination of the Competent Lead Supervisory Authority ..... 192
6.3.1 Determination Based on an Entity’s Main Establishment ..... 192
6.3.2 Determination in the Absence of an EU Establishment ..... 195
6.3.3 Exception: Local Competences ..... 195
6.4 Cooperation and Consistency Mechanism ..... 197
6.4.1 European Data Protection Board ..... 197
6.4.2 Cooperation Mechanism ..... 198
6.4.3 Consistency Mechanism ..... 198
References ..... 199
7 Enforcement and Fines Under the GDPR ..... 201
7.1 Tasks and Investigative Powers of the Supervisory Authorities ..... 201
7.1.1 Greater Consistency of Investigative Powers Throughout the EU ..... 202
7.1.2 Scope of Investigative Powers ..... 202
7.1.3 Exercise of the Powers ..... 204
7.2 Civil Liability ..... 204
7.2.1 Right to Claim Compensation ..... 205
7.2.2 Liable Parties ..... 207
7.2.3 Exemption from Liability ..... 208
7.3 Administrative Sanctions and Fines ..... 208
7.3.1 Corrective Powers of the Supervisory Authorities ..... 209
7.3.2 Grounds for and Amounts of Administrative Fines ..... 210
7.3.3 Imposition of Fines, Including Mitigating Factors ..... 211
7.3.4 Sanctioning of Groups of Undertakings ..... 212
7.3.5 Practical Implications ..... 213
7.4 Judicial Remedies ..... 214
7.4.1 Remedies Available to Data Processing Entities ..... 214
7.4.2 Remedies Available to Data Subjects ..... 215
References ..... 216
8 National Peculiarities ..... 219
8.1 Various Opening Clauses ..... 219
8.1.1 Opening Clauses Included in General Provisions of the GDPR ..... 219
8.1.2 EU Member State Competence for Specific Processing Situations ..... 223
8.2 Employee Data Protection ..... 224
8.2.1 Opening Clause ..... 225
8.2.2 Co-determination Bodies Provided for in Selected EU Member States ..... 226
8.3 Telemedia Data Protection ..... 230
References ..... 232
9 Special Data Processing Activities ..... 235
9.1 Big Data ..... 235
9.1.1 Applicability of the GDPR ..... 236
9.1.2 Accountability ..... 237
9.1.3 Safeguarding the Basic Principles of Lawful Processing ..... 237
9.2 Cloud Computing ..... 238
9.2.1 Allocation of Responsibilities ..... 239
9.2.2 Choosing a Suitable Cloud Service Provider ..... 239
9.2.3 Third-Country Cloud Service Providers ..... 240
9.3 Internet of Things ..... 240
9.3.1 Legal Basis for Processing in the IoT ..... 241
9.3.2 Privacy by Design and Privacy by Default ..... 242
References ..... 242
10 Practical Implementation of the Requirements Under the GDPR ..... 245
10.1 Step 1: ‘Gap’ Analysis ..... 246
10.2 Step 2: Risk Analysis ..... 246
10.3 Step 3: Project Steering and Resource/Budget Planning ..... 247
10.4 Step 4: Implementation ..... 247
10.5 Step 5: National Add-On Requirements ..... 249
References ..... 249
Annex I: Juxtaposition of the Provisions and Respective Recitals of the GDPR ..... 251
Index ..... 381
This book provides expert advice on the practical implementation of the European Union’s General Data Protection Regulation (GDPR) and systematically analyses its various provisions. Examples, tables, a checklist etc. showcase the practical consequences of the new legislation. The handbook examines the GDPR’s scope of application, the organizational and material requirements for data protection, the rights of data subjects, the role of the Supervisory Authorities, enforcement and fines under the GDPR, and national particularities. In addition, it supplies a brief outlook on the legal consequences for seminal data processing areas, such as Cloud Computing, Big Data and the Internet of Things.

Adopted in 2016, the General Data Protection Regulation will come into force in May 2018. It provides for numerous new and intensified data protection obligations, as well as a significant increase in fines (up to 20 million euros). As a result, not only companies located within the European Union will have to change their approach to data security; due to the GDPR’s broad, transnational scope of application, it will affect numerous companies worldwide.
|
any_adam_object | 1 |
author | Voigt, Paul Bussche, Axel von dem 1967- |
author_GND | (DE-588)1058443445 (DE-588)122969227 |
author_facet | Voigt, Paul Bussche, Axel von dem 1967- |
author_role | aut aut |
author_sort | Voigt, Paul |
building | Verbundindex |
bvnumber | BV044284007 |
classification_rvk | PZ 4500 PZ 4800 |
ctrlnum | (OCoLC)1004337931 (DE-599)BVBBV044284007 |
discipline | Rechtswissenschaft |
format | Book |
id | DE-604.BV044284007 |
illustrated | Not Illustrated |
indexdate | 2024-07-10T07:48:41Z |
institution | BVB |
isbn | 9783319579580 3319579584 |
language | English |
oai_aleph_id | oai:aleph.bib-bvb.de:BVB01-029688307 |
oclc_num | 1004337931 |
open_access_boolean | |
owner | DE-M382 DE-739 DE-355 DE-BY-UBR DE-2070s DE-1050 |
owner_facet | DE-M382 DE-739 DE-355 DE-BY-UBR DE-2070s DE-1050 |
physical | ix, 383 Seiten |
publishDate | 2017 |
publishDateSearch | 2017 |
publishDateSort | 2017 |
publisher | Springer |
record_format | marc |
subject_GND | (DE-588)1105568555 |
title | The EU General Data Protection Regulation (GDPR) a practical guide |
title_alt | GDPR |
title_full | The EU General Data Protection Regulation (GDPR) a practical guide Paul Voigt, Axel von dem Bussche |
title_short | The EU General Data Protection Regulation (GDPR) |
title_sort | the eu general data protection regulation gdpr a practical guide |
title_sub | a practical guide |
topic | Europäische Union Datenschutz-Grundverordnung (DE-588)1105568555 gnd |
topic_facet | Europäische Union Datenschutz-Grundverordnung |
url | http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=029688307&sequence=000001&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=029688307&sequence=000002&line_number=0002&func_code=DB_RECORDS&service_type=MEDIA |