This guide by Bird & Bird, summarises the legislation resulting from the GDPR. This represents a significant overhaul of Europe’s data protection policy. Summarising the key changes that the new law will bring the guide highlights important actions many firms will need to take in their preparations to comply with GDPR legislation.
This summary is divided into the core chapters outlined below. To view the article in its entirety please click here
Scope, timetable and new concepts
- Material and territorial scope
- New and significantly changed concepts
Principles
- Data protection principles
- Lawfulness of processing and further processing
- Legitimate interests
- Consent
- Children
- Sensitive data and lawful processing
Individual rights
- Information notices
- Subject access, rectification and portability
- Rights to object
- Right to erasure and right to restriction of processing
- Profiling and automated decision-taking
Accountability, security and breach notification
- Data governance obligations
- Personal data breaches and notification
- Codes of conduct and certifications
Data transfers
- Transfers of personal data
Regulators
- Appointment of supervisory authorities
- Competence, tasks and powers
- Co-operation and consistency between supervisory authorities
- European Data Protection Board
Enforcement
- Remedies and liabilities
- Administrative fines
Special cases
- Derogations and special conditions
Delegated acts and implementing act
- Delegated acts, implementing acts and final provisions