Bird & Bird – a summary guide to key changes to the law

This guide by Bird & Bird, summarises the legislation resulting from the GDPR. This represents a significant overhaul of Europe’s data protection policy. Summarising the key changes that the new law will bring the guide highlights important actions many firms will need to take in their preparations to comply with GDPR legislation.

This summary is divided into the core chapters outlined below. To view the article in its entirety please click here

Scope, timetable and new concepts

  • Material and territorial scope
  • New and significantly changed concepts


  • Data protection principles
  • Lawfulness of processing and further processing
  • Legitimate interests
  • Consent
  • Children
  • Sensitive data and lawful processing

Individual rights

  • Information notices
  • Subject access, rectification and portability
  • Rights to object
  • Right to erasure and right to restriction of processing
  • Profiling and automated decision-taking

Accountability, security and breach notification

  • Data governance obligations
  • Personal data breaches and notification
  • Codes of conduct and certifications

Data transfers

  • Transfers of personal data


  • Appointment of supervisory authorities
  • Competence, tasks and powers
  • Co-operation and consistency between supervisory authorities
  • European Data Protection Board


  • Remedies and liabilities
  • Administrative fines

Special cases

  • Derogations and special conditions

Delegated acts and implementing act

  • Delegated acts, implementing acts and final provisions