Privacy and Data Protection based on the GDPR – in 3 minutes

Information about people is increasingly valuable. Enabled by new technologies, organizations nowadays collect and process personal data on a large scale. While free flow of data across Europe is vital for the common market, however, it also presents a clear risk to the fundamental rights of individuals. This issue was addressed by the Council of the European Union and the European Parliament with the introduction of the General Data Protection Regulation (GDPR). As a European regulation, the GDPR is now applicable law in all Member States of the EU and also of the European Economic Area.

For many organizations processing personal data, the GDPR came as a shock. Surprisingly, because the requirements of the law were not that different from what had been required for 25 years already in national law based on the former Privacy Directive 95/46/EC. What did change, however, was that the rights of individuals whose personal data are being processed (the data subjects) are far better protected than before. Also new, is that fines imposed by the supervisory authorities for infringements on the GDPR are designed to be effective, proportionate and dissuasive, to quote GDPR Recital (151).

The Basics

Almost every company and organization needs to process personal data, to begin with the data of their staff and their customers. The GDPR, however, is not exactly ‘easy reading’. The regulation itself contains 99 articles, preceded by 173 recitals which are meant to provide context and explanations. Unfortunately there is no direct indication of which recitals are linked with which articles. Besides that, the European Data Protection Board has published numerous publications further explaining various concept in and details of the law. And then there is the case law based on the rulings of the Court of Justice of the EU.

Privacy and Data Protection based on the GDPR translates these legal texts into simple language, illustrated with many examples helping you understand how you can process the personal data you need to process, in a controlled and efficient way and without infringing on the law. You don’t have to be a lawyer to understand it, everyone should be able to put it into practice.

Summary

The purpose of Privacy and Data Protection based on the GDPR is to help you find the relevant rules and regulations that apply to your situation. The book helps you to achieve your business purposes using personal data within the requirements of the law, helps you to create powerful, efficient sets of procedures and safety measurements.

Topics include:

• History and context of privacy and data protection law
• Stakeholders rights and obligations
• Lawful grounds and principles of processing personal data
• Data subject’ rights and how to efficiently handle subject requests
• Data governance as a promoter of compliance
• Profiling, automated decision-making and privacy
• Risk assessment and mitigation
• Data breaches and related procedures
• The role of the supervisory authorities

Target Audience

Does your company provide services or products to customers within the European Economic Area (EEA)? Do you follow the behaviour of people in the EEA or do you collect personal data about identifiable persons located within the EEA? If so, the GDPR probably applies. Anyone who works with personal data should know which rules apply to them. Whether you are responsible as owner of a company, as a board member of an organization or a sports club, Privacy and Data Protection based on the GDPR will help you understand which requirements apply in your situation, and how you can deal with them in an effective and efficient way. In particular:

• Managers – who are primarily responsible for implementing and governing GDPR compliance in their organizations and institutions.
• Data protection professionals, including Data Protection Officers (DPOs) – who need an in depth understanding of data protection concepts, rules and regulations
• Executives – who are primarily responsible for collecting and further processing of personal data in accordance to the lawful purposes specified by management.
• Anyone incompanies and organizations  – who works with personal data of staff, volunteers, members or clients.

Scope

Privacy and Data Protection based on the GDPR helps you understand the principles of data protection as required by European law. The book explains the principles and concepts in the GDPR and links the recitals in the GDPR with the articles they relate to. It refers you to the pertaining publications of the EDPB providing further detail and to relevant case law based on the rulings of the Court of Justice of the EU. Numerous examples explain the legal texts and links them to everyday practice.

Relevant reading

The official publication of the GDPR can be found on the website of the European Union

Author: Leo Besemer

“Privacy and data protection based on the GDPR” will release October 1st!