GDPR: Personal Data Protection in the European Union

Mariusz Krzysztofek

Personal data protection has become one of the central issues in any understanding of the current world system. In this connection, the European Union (EU) has created the most sophisticated regime currently in force with the General Data Protection Regulation (GDPR) (EU) 2016/679. Following the GDPR's recent reform - the most extensive since the first EU laws in this area were adopted and implemented into the legal orders of the Member States - this book offers a comprehensive discussion of all principles of personal data processing, obligations of data controllers, and rights of data subjects, providing a thorough, up-to-date account of the legal and practical aspects of personal data protection in the EU.

Coverage includes the recent Court of Justice of the European Union (CJEU) judgment on data transfers and new or updated data protection authorities' guidelines in the EU Member States. Among the broad spectrum of aspects of the subject covered are the following:

- right to privacy judgments of the CJEU and the European Court of Human Rights;

- scope of the GDPR and its key definitions, key principles of personal data processing;

- legal bases for the processing of personal data;

- direct and digital marketing, cookies, and online behavioural advertising;

- processing of personal data of employees;

- sensitive data and criminal records;

- information obligation & privacy notices;

- data subjects rights;

- data controller, joint controllers, and processors;

- data protection by design and by default, data security measures, risk-based approach, records of personal data processing activities, notification of a personal data breach to the supervisory authority and communication to the data subject, data protection impact assessment, codes of conduct and certification;

- Data Protection Officer;

- transfers of personal data to non-EU/EEA countries; and

- privacy in the Internet and surveillance age.

Because the global scale and evolution of information technologies have changed the data processing environment and brought new challenges, and because many non-EU jurisdictions have adopted equivalent regimes or largely analogous regulations, the book will be of great usefulness worldwide.

Multinational corporations and their customers and contractors will benefit enormously from consulting and using this book, especially in conducting case law, guidelines and best practices formulated by European data protection authorities. For lawyers and academics researching or advising clients on this area, this book provides an indispensable source of practical guidance and information for many years to come.