GDPR: Personal Data Protection in the European Union Mariusz Krzysztofek Personal data protection has become one of the central issues in any understanding of the current world system. In this connection, the European Union (EU) has created the most sophisticated regime currently in force with the General Data Protection Regulation (GDPR) (EU) 2016/679. Following the GDPR’s recent reform – the most extensive since the first EU laws in this area were adopted and implemented into the legal orders of the Member States – this book offers a comprehensive discussion of all principles of personal data processing, obligations of data controllers, and rights of data subjects, providing a thorough, up-to-date account of the legal and practical aspects of personal data protection in the EU. Coverage includes the recent Court of Justice of the European Union (CJEU) judgment on data transfers and new or updated data protection authorities’ guidelines in the EU Member States. Among the broad spectrum of aspects of the subject covered are the following: – right to privacy judgments of the CJEU and the European Court of Human Rights; – scope of the GDPR and its key definitions, key principles of personal data processing; – legal bases for the processing of personal data; – direct and digital marketing, cookies, and online behavioural advertising; – processing of personal data of employees; – sensitive data and criminal records; – information obligation & privacy notices; – data subjects rights; – data controller, joint controllers, and processors; – data protection by design and by default, data security measures, risk-based approach, records of personal data processing activities, notification of a personal data breach to the supervisory authority and communication to the data subject, data protection impact assessment, codes of conduct and certification; – Data Protection Officer; – transfers of personal data to non-EU/EEA countries; and – privacy in the Internet and surveillance age. Because the global scale and evolution of information technologies have changed the data processing environment and brought new challenges, and because many non-EU jurisdictions have adopted equivalent regimes or largely analogous regulations, the book will be of great usefulness worldwide. Multinational corporations and their customers and contractors will benefit enormously from consulting and using this book, especially in conducting case law, guidelines and best practices formulated by European data protection authorities. For lawyers and academics researching or advising clients on this area, this book provides an indispensable source of practical guidance and information for many years to come.

This book offers guidance for US-based IT businesses on both sides of the Atlantic when dealing with big data and government data, since transatlantic data flows are key to the success of these enterprises. It offers practical insights into many of the data-protection challenges US companies in various industries face when seeking to comply with US and EU data-protection laws, and analyses the potential conflicts in the light of their risks and the way in which US-based cloud providers react to the uncertainties of the applicable data-protection rules. The book particularly focuses on the insights derived from a qualitative study conducted in 2016 with various cloud-based IT businesses in the Silicon Valley area, which shows the diversity of views on data protection and the many approaches companies take to this topic. Further, it discusses key data-protection issues in the field of big data and government data.

The rapid development of information technology has exacerbated the need for robust personal data protection, the right to which is safeguarded by both European Union (EU) and Council of Europe (CoE) instruments. Safeguarding this important right entails new and significant challenges as technological advances expand the frontiers of areas such as surveillance, communication interception and data storage. This handbook is designed to familiarise legal practitioners not specialised in data protection with this emerging area of the law. It provides an overview of the EU’s and the CoE’s applicable legal frameworks. It also explains key case law, summarising major rulings of both the Court of Justice of the European Union and the European Court of Human Rights. In addition, it presents hypothetical scenarios that serve as practical illustrations of the diverse issues encountered in this ever-evolving field.

This book provides expert advice on the practical implementation of the European Union’s General Data Protection Regulation (GDPR) and systematically analyses its various provisions. Examples, tables, a checklist etc. showcase the practical consequences of the new legislation. The handbook examines the GDPR’s scope of application, the organizational and material requirements for data protection, the rights of data subjects, the role of the Supervisory Authorities, enforcement and fines under the GDPR, and national particularities. In addition, it supplies a brief outlook on the legal consequences for seminal data processing areas, such as Cloud Computing, Big Data and the Internet of Things.Adopted in 2016, the General Data Protection Regulation will come into force in May 2018. It provides for numerous new and intensified data protection obligations, as well as a significant increase in fines (up to 20 million euros). As a result, not only companies located within the European Union will have to change their approach to data security; due to the GDPR’s broad, transnational scope of application, it will affect numerous companies worldwide.

Combining a stimulating blend of academic authority and senior practitioner experience, this book tackles the principle of openness to official documentation and information flow. It covers important areas such as the Hutton Report into the death of Dr David Kelly, the freedom of speech in democratic societies, the value of the freedom of information and international comparisons. The book is a must read for courses on public policy and governance and information law.

The book deals with data protection issues from practical viewpoints. 40% of the content focus on the Malaysian Personal Data Protection Act (PDPA) 2010 progress, whilst 60% of the content focus on leading comparative practical guidance from Europe. Part of the PDPA provisions is mirrored from European approaches and practices. The approach of this book is straightforward, handy and readable and is supplemented by practical applications, illustrations, tables and diagrams. Practical examples highlighted in this book range from cloud computing, radio frequency identification technology, social media networks and information security to basic related aspects of data protection issues covering strategic leadership, management, governance and audit in businesses, organisations and local authorities. Recommended best practices have been outlined for practical guidance accompanied with future challenges and opportunities for Malaysia and ASEAN. The book is equally suitable for academics, practitioners, governmental officials and regulators dealing with data protection within their sector-specific legislation.