The EU General Data Protection Regulation (GDPR): a practical guide

Bibliographic details
Main authors: Voigt, Paul (author); Bussche, Axel von dem, 1967- (author)
Format: Book
Language: English
Published: Cham, Switzerland: Springer [2017]
Subjects: Europäische Union; Datenschutz-Grundverordnung
Online access: Table of contents; Blurb

MARC

LEADER 00000nam a2200000 c 4500
001 BV044284007
003 DE-604
005 20180913
007 t|
008 170425s2017 xx |||| 00||| eng d
020 |a 9783319579580  |9 978-3-319-57958-0 
020 |a 3319579584  |9 3319579584 
035 |a (OCoLC)1004337931 
035 |a (DE-599)BVBBV044284007 
040 |a DE-604  |b ger  |e rda 
041 0 |a eng 
049 |a DE-M382  |a DE-739  |a DE-355  |a DE-2070s  |a DE-1050 
084 |a PZ 4500  |0 (DE-625)141180:  |2 rvk 
084 |a PZ 4800  |0 (DE-625)141183:  |2 rvk 
100 1 |a Voigt, Paul  |e Verfasser  |0 (DE-588)1058443445  |4 aut 
245 1 0 |a The EU General Data Protection Regulation (GDPR)  |b a practical guide  |c Paul Voigt, Axel von dem Bussche 
246 1 3 |a GDPR 
264 1 |a Cham, Switzerland  |b Springer  |c [2017] 
300 |a ix, 383 Seiten 
336 |b txt  |2 rdacontent 
337 |b n  |2 rdamedia 
338 |b nc  |2 rdacarrier 
610 2 7 |a Europäische Union  |t Datenschutz-Grundverordnung  |0 (DE-588)1105568555  |2 gnd  |9 rswk-swf 
689 0 0 |a Europäische Union  |t Datenschutz-Grundverordnung  |0 (DE-588)1105568555  |D u 
689 0 |5 DE-604 
700 1 |a Bussche, Axel von dem  |d 1967-  |e Verfasser  |0 (DE-588)122969227  |4 aut 
776 0 8 |i Erscheint auch als  |n Online-Ausgabe, eBook  |z 978-3-319-57959-7 
856 4 2 |m Digitalisierung UB Passau - ADAM Catalogue Enrichment  |q application/pdf  |u http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=029688307&sequence=000001&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA  |3 Inhaltsverzeichnis 
856 4 2 |m Digitalisierung UB Passau - ADAM Catalogue Enrichment  |q application/pdf  |u http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=029688307&sequence=000002&line_number=0002&func_code=DB_RECORDS&service_type=MEDIA  |3 Klappentext 
943 1 |a oai:aleph.bib-bvb.de:BVB01-029688307 

Table of contents

1 Introduction and 'Checklist' (p. 1)
  1.1 Legislative Purpose and Previous Legal Provisions (p. 1)
    1.1.1 The Data Protection Directive (p. 1)
    1.1.2 The General Data Protection Regulation (p. 2)
  1.2 Checklist: Most Important Data Protection Obligations (p. 3)
    1.2.1 Organisational Requirements (p. 3)
    1.2.2 Lawfulness of the Processing Activities (p. 5)
  References (p. 7)
2 Scope of Application of the GDPR (p. 9)
  2.1 In Which Case Does the Regulation Apply? (p. 9)
    2.1.1 'Processing' (p. 9)
    2.1.2 'Personal Data' (p. 11)
    2.1.3 Exemptions from the Scope of Application (p. 16)
  2.2 To Whom Does the Regulation Apply? (p. 17)
    2.2.1 'Controller' (p. 17)
    2.2.2 'Processor' (p. 20)
    2.2.3 Beneficiaries of Protection Under the GDPR (p. 20)
  2.3 Where Does the Regulation Apply? (p. 21)
    2.3.1 Data Processing in the Context of the Activities of an EU Establishment (p. 22)
    2.3.2 Processing of Personal Data of Data Subjects in the EU (p. 26)
  References (p. 29)
3 Organisational Requirements (p. 31)
  3.1 Accountability (p. 31)
  3.2 General Obligations (p. 33)
    3.2.1 Responsibility, Liability and General Obligations of the Controller (p. 33)
    3.2.2 The Allocation of Responsibility Between Joint Controllers (p. 34)
    3.2.3 Cooperation with Supervisory Authorities (p. 37)
  3.3 Technical and Organisational Measures (p. 38)
    3.3.1 Appropriate Data Protection Level (p. 38)
    3.3.2 Minimum Requirements (p. 39)
    3.3.3 Risk-Based Approach Towards Data Security (p. 40)
    3.3.4 The NIS Directive (p. 42)
  3.4 Records of Processing Activities (p. 44)
    3.4.1 Content and Purpose of the Records (p. 44)
    3.4.2 Exemption from the Obligation to Maintain Records (p. 45)
  3.5 Data Protection Impact Assessment (p. 47)
    3.5.1 Affected Types of Data Processing (p. 47)
    3.5.2 Scope of the Assessment (p. 49)
  3.6 Data Protection Officer (p. 53)
    3.6.1 Designation Obligation (p. 53)
    3.6.2 Aspects Regarding the Designation of the Data Protection Officer (p. 56)
    3.6.3 Position (p. 58)
    3.6.4 Responsibilities (p. 60)
  3.7 Privacy by Design and Privacy by Default (p. 62)
  3.8 Personal Data Breaches (p. 65)
    3.8.1 Personal Data Breach (p. 65)
    3.8.2 Notification to the Supervisory Authority (p. 65)
    3.8.3 Communication to the Data Subjects (p. 69)
  3.9 Codes of Conduct, Certifications, Seals, Etc. (p. 71)
    3.9.1 Relationship Between Codes of Conduct and Certifications (p. 71)
    3.9.2 Codes of Conduct (p. 72)
    3.9.3 Certifications, Seals, Marks (p. 77)
  3.10 Data Processors (p. 80)
    3.10.1 Privileged Position of the Processor (p. 80)
    3.10.2 Obligation of the Controller When Choosing a Processor (p. 81)
    3.10.3 Obligations of the Processor (p. 83)
    3.10.4 Designation of a Sub-Processor (p. 84)
  References (p. 84)
4 Material Requirements (p. 87)
  4.1 Basic Principles (p. 87)
    4.1.1 Lawfulness, Fairness and Transparency (p. 88)
    4.1.2 Purpose Limitation (p. 88)
    4.1.3 Data Minimisation (p. 90)
    4.1.4 Accuracy (p. 91)
    4.1.5 Storage Limitation (p. 92)
    4.1.6 Integrity and Confidentiality (p. 92)
  4.2 Legal Justifications for Data Processing (p. 92)
    4.2.1 Processing Based on Consent (p. 93)
    4.2.2 Processing Based on a Legal Permission (p. 100)
    4.2.3 Processing of Special Categories of Personal Data (p. 110)
  4.3 Data Transfers to Third Countries (p. 116)
    4.3.1 Safe Third Countries (p. 117)
    4.3.2 Consent (p. 118)
    4.3.3 Standard Contractual Clauses (p. 119)
    4.3.4 EU-U.S. Privacy Shield (p. 122)
    4.3.5 Binding Corporate Rules (p. 125)
    4.3.6 Codes of Conduct, Certifications, Etc. (p. 129)
    4.3.7 Derogations for Specific Situations (p. 130)
    4.3.8 Appointment of a Representative by Non-EU Entities (p. 133)
  4.4 Limited Privilege for Intra-Group Processing Activities (p. 135)
    4.4.1 Separate Data Protection Responsibility of Each Group Member (p. 136)
    4.4.2 Facilitations Regarding Material Requirements (p. 137)
    4.4.3 Facilitation Regarding Organisational Requirements (p. 138)
  References (p. 138)
5 Rights of Data Subjects (p. 141)
  5.1 Transparency and Modalities (p. 141)
    5.1.1 The Manner of Communicating with the Data Subject (p. 142)
    5.1.2 The Form of Communication (p. 143)
  5.2 Information Obligation of the Controller Prior to Processing (p. 143)
    5.2.1 Time of Information (p. 144)
    5.2.2 Collection of the Data from the Data Subject (p. 144)
    5.2.3 Obtainment of the Data from Another Source (p. 146)
    5.2.4 Practical Implications (p. 147)
  5.3 Response to Data Subjects' Requests (p. 147)
    5.3.1 Manner of Response (p. 147)
    5.3.2 Time of Response (p. 149)
    5.3.3 Information in Case of Inaction (p. 149)
    5.3.4 Verification of the Data Subject's Identity (p. 150)
  5.4 Right to Access (p. 150)
    5.4.1 Scope of the Right to Access (p. 150)
    5.4.2 Provision of Access to the Personal Data (p. 152)
    5.4.3 Practical Implications (p. 153)
  5.5 Rights to Erasure, Rectification and Restriction (p. 154)
    5.5.1 Right to Rectification (p. 154)
    5.5.2 Right to Erasure (p. 156)
    5.5.3 Right to Restriction of Processing (p. 164)
    5.5.4 Notification of Third Parties Regarding the Rights to Erasure, Rectification and Restriction, Art. 19 (p. 167)
  5.6 Right to Data Portability (p. 168)
    5.6.1 Scope and Exercise of the Right to Data Portability (p. 169)
    5.6.2 Technical Specifications (p. 174)
    5.6.3 Transmission of the Data (p. 174)
    5.6.4 Relation to the Right to Erasure (p. 175)
    5.6.5 Exclusion of the Right to Data Portability (p. 175)
  5.7 Right to Object (p. 176)
    5.7.1 Grounds for an Objection to Processing (p. 177)
    5.7.2 Exercise of the Right and Legal Consequences (p. 179)
    5.7.3 Information Obligation (p. 180)
  5.8 Automated Decision-Making (p. 180)
    5.8.1 Scope of Application of the Prohibition (p. 181)
    5.8.2 Exceptions from the Prohibition (p. 183)
    5.8.3 Appropriate Safeguards (p. 184)
  5.9 Restrictions of the Data Subjects' Rights (p. 184)
  References (p. 185)
6 Interaction with the Supervisory Authorities (p. 189)
  6.1 Determination of the Competent Supervisory Authority (p. 189)
  6.2 One-Stop-Shop Mechanism (p. 191)
  6.3 Determination of the Competent Lead Supervisory Authority (p. 192)
    6.3.1 Determination Based on an Entity's Main Establishment (p. 192)
    6.3.2 Determination in the Absence of an EU Establishment (p. 195)
    6.3.3 Exception: Local Competences (p. 195)
  6.4 Cooperation and Consistency Mechanism (p. 197)
    6.4.1 European Data Protection Board (p. 197)
    6.4.2 Cooperation Mechanism (p. 198)
    6.4.3 Consistency Mechanism (p. 198)
  References (p. 199)
7 Enforcement and Fines Under the GDPR (p. 201)
  7.1 Tasks and Investigative Powers of the Supervisory Authorities (p. 201)
    7.1.1 Greater Consistency of Investigative Powers Throughout the EU (p. 202)
    7.1.2 Scope of Investigative Powers (p. 202)
    7.1.3 Exercise of the Powers (p. 204)
  7.2 Civil Liability (p. 204)
    7.2.1 Right to Claim Compensation (p. 205)
    7.2.2 Liable Parties (p. 207)
    7.2.3 Exemption from Liability (p. 208)
  7.3 Administrative Sanctions and Fines (p. 208)
    7.3.1 Corrective Powers of the Supervisory Authorities (p. 209)
    7.3.2 Grounds for and Amounts of Administrative Fines (p. 210)
    7.3.3 Imposition of Fines, Including Mitigating Factors (p. 211)
    7.3.4 Sanctioning of Groups of Undertakings (p. 212)
    7.3.5 Practical Implications (p. 213)
  7.4 Judicial Remedies (p. 214)
    7.4.1 Remedies Available to Data Processing Entities (p. 214)
    7.4.2 Remedies Available to Data Subjects (p. 215)
  References (p. 216)
8 National Peculiarities (p. 219)
  8.1 Various Opening Clauses (p. 219)
    8.1.1 Opening Clauses Included in General Provisions of the GDPR (p. 219)
    8.1.2 EU Member State Competence for Specific Processing Situations (p. 223)
  8.2 Employee Data Protection (p. 224)
    8.2.1 Opening Clause (p. 225)
    8.2.2 Co-determination Bodies Provided for in Selected EU Member States (p. 226)
  8.3 Telemedia Data Protection (p. 230)
  References (p. 232)
9 Special Data Processing Activities (p. 235)
  9.1 Big Data (p. 235)
    9.1.1 Applicability of the GDPR (p. 236)
    9.1.2 Accountability (p. 237)
    9.1.3 Safeguarding the Basic Principles of Lawful Processing (p. 237)
  9.2 Cloud Computing (p. 238)
    9.2.1 Allocation of Responsibilities (p. 239)
    9.2.2 Choosing a Suitable Cloud Service Provider (p. 239)
    9.2.3 Third-Country Cloud Service Providers (p. 240)
  9.3 Internet of Things (p. 240)
    9.3.1 Legal Basis for Processing in the IoT (p. 241)
    9.3.2 Privacy by Design and Privacy by Default (p. 242)
  References (p. 242)
10 Practical Implementation of the Requirements Under the GDPR (p. 245)
  10.1 Step 1: 'Gap' Analysis (p. 246)
  10.2 Step 2: Risk Analysis (p. 246)
  10.3 Step 3: Project Steering and Resource/Budget Planning (p. 247)
  10.4 Step 4: Implementation (p. 247)
  10.5 Step 5: National Add-On Requirements (p. 249)
  References (p. 249)
Annex I: Juxtaposition of the Provisions and Respective Recitals of the GDPR (p. 251)
Index (p. 381)

Blurb

This book provides expert advice on the practical implementation of the European Union's General Data Protection Regulation (GDPR) and systematically analyses its various provisions. Examples, tables, a checklist, etc. showcase the practical consequences of the new legislation. The handbook examines the GDPR's scope of application, the organisational and material requirements for data protection, the rights of data subjects, the role of the Supervisory Authorities, enforcement and fines under the GDPR, and national particularities. In addition, it supplies a brief outlook on the legal consequences for seminal data processing areas, such as Cloud Computing, Big Data and the Internet of Things.

Adopted in 2016, the General Data Protection Regulation will come into force in May 2018. It provides for numerous new and intensified data protection obligations, as well as a significant increase in fines (up to 20 million euros). As a result, not only companies located within the European Union will have to change their approach to data security; due to the GDPR's broad, transnational scope of application, it will affect numerous companies worldwide.