American library books » Law » GDPR Articles With Commentary & EU Case Laws by Adv. Prashant Mali (red seas under red skies txt) 📕

Read book online «GDPR Articles With Commentary & EU Case Laws by Adv. Prashant Mali (red seas under red skies txt) 📕».   Author   -   Adv. Prashant Mali



1 2 3 4 5 6 7 8 9 10 ... 71
Go to page:
GDPR Articles With Commentary & EU Case Laws

GDPR Articles With Commentary & EU Case Laws

 

 

 

 

 

 

 

 

 

 

 

 

GDPR Articles With

Commentary & EU Case Laws

 

 

 

 

Author

Adv. Prashant Mali

[M.Sc.(Computer Science), CCFP, CISSA,LLM, Ph.D(Pursu.)]

 

 

 

 

 

 

About Author:

 

Author is International Cyber Law & Privacy Expert and a practicing High Court Lawyer based out of Mumbai in India. He is Masters in Computer Science and Masters in Law with Certification in Computer Forensics & Information Systems Security Auditing and prior working experience in the field of Software, Networking & IT Security. He is Chevening (UK) Cyber Security Fellow & IVLP (USA). He is the founder president of a law firm named Cyber Law Consulting. He was awarded as Cyber Security Lawyer of the year (Asia Pacific) in 2016 and Cyber Security Lawyer of the Year by Financial Monthly Magazine of UK. He has been a sought after speaker on National and International forums and is interviewed by BBC World, Bloomberg, Zee News, NDTV, CNBC, Al Jazeera etc. His articles are published in various magazines across the world and he is been quoted by leading daily newspapers. He has conducted various workshops on GDPR in various countries and has unique way of explaining GDPR with examples and by comparing it to existing laws of the country.

 

 

 

Note:

 

Every effort has been made to avoid errors or omissions in this, errors may creep in any mistake, error or discrepancy noted may be brought to our notice which shall be taken care of in the next edition. It is notified that neither the publisher or the author or seller will be responsible for any damages or loss of action to any one, of any kind, in the manner, there from. It is suggested that to avoid any doubt the reader should cross- check all the facts, law and contents of the publication with original Government publication or notification.

All rights reserved. No part of this work may be copied, reproduced, adapted, abridged or translated. Stored in any retrieval system, computer system, photographic or other system or transmitted in any form by any means whether electronic, mechanical, digital, optical photographic or otherwise without the prior written permission of cyber Infomedia. Any breach will entail legal action and prosecution without further notice.

 

 

 

INDEX

 

 

 

Articles

 

Particular

 

CHAPTER 1 : GENERAL PROVISIONS

1

GDPR Subject-matter and objectives

2

GDPR Material scope

3

GDPR Territorial scope

4

GDPR Definitions

 

CHAPTER 2 : PRINCIPLES

5

GDPR Principles relating to processing of personal data

6

GDPR Lawfulness of processing

7

GDPR Conditions for consent

8

GDPR Conditions applicable to child's consent in relation to information society services

9

GDPR Processing of special categories of personal data

10

GDPR Processing of personal data relating to criminal convictions and offences

11

GDPR Processing which does not require identification

 

CHAPTER 3 : RIGHTS OF THE DATA SUBJECT

Section 1 : Transparency and modalities

12

GDPR Transparent information, communication and modalities for the exercise of the rights of the data subject

 

Section 2 : Information and access to personal data

13

GDPR Information to be provided where personal data are collected from the data subject

14

GDPR Information to be provided where personal data have not been obtained from the data subject

15

GDPR Right of access by the data subject

 

Section 3 : Rectification and erasure

16

GDPR Right to rectification

17

GDPR Right to erasure (‘right to be forgotten’)

18

GDPR Right to restriction of processing

19

GDPR Notification obligation regarding rectification or erasure of personal data or restriction of processing

20

GDPR Right to data portability

 

Section 4 : Right to object and automated individual decision-making

21

GDPR Right to object

22

GDPR Automated individual decision-making, including profiling

 

Section 5 : Restrictions

23

GDPR Restrictions

 

CHAPTER 4 : CONTROLLER AND PROCESSOR

Section 1 : General obligations

24

GDPR Responsibility of the controller

25

GDPR Data protection by design and by default

26

GDPR Joint controllers

27

GDPR Representatives of controllers or processors not established in the Union

28

GDPR Processor

29

GDPR Processing under the authority of the controller or processor

30

GDPR Records of processing activities

31

GDPR Cooperation with the supervisory authority

 

Section 2 : Security of personal data

32

GDPR Security of processing

33

GDPR Notification of a personal data breach to the supervisory authority

34

GDPRCommunication of apersonal databreach to the datasubject

 

Section 3 : Data protection impact assessment and prior consultation

35

GDPR Data protection impact assessment

36

GDPR Prior consultation

 

Section 4 : Data protection officer

37

GDPR Designation of the data protection officer

38

GDPR Position of the data protection officer

39

GDPR Tasks of the data protection officer

 

Section 5 : Codes of conduct and certification

40

GDPR Codes of conduct

41

GDPR Monitoring of approved codes of conduct

42

GDPR Certification

43

GDPR Certification bodies

 

CHAPTER 5 :TRANSFERS OFPERSONALDATA TO THIRD COUNTRIES OR INTERNATIONAL ORGANISATIONS

44

GDPR General principle for transfers

45

GDPR Transfers on the basis of an adequacy decision

46

GDPR Transfers subject to appropriate safeguards

47

GDPR Binding corporate rules

48

GDPR Transfers or disclosures not authorised by Union law

49

GDPR Derogations for specific situations

50

GDPR International cooperation for the protection of personal data

 

CHAPTER    6    :    INDEPENDENT                   SUPERVISORY AUTHORITIES

Section 1 : Independent status

51

GDPR Supervisory authority

52

GDPR Independence

53

GDPR General conditions for the members of the supervisory authority

54

GDPR Rules on the establishment of the supervisory authority

 

Section 2 : Competence, tasks and powers

55

GDPR Competence

56

GDPR Competence of the lead supervisory authority

57

GDPR Tasks

58

GDPR Powers

59

GDPR Activity reports

 

CHAPTER 7 : COOPERATION AND CONSISTENCY

Section 1 : Cooperation

60

GDPR Cooperation between the lead supervisory authority and the other supervisory authorities concerned

61

GDPR Mutual assistance

62

GDPR Joint operations of supervisory authorities

 

Section 2 : Consistency

63

GDPR Consistency mechanism

64

GDPR Opinion of the Board

65

GDPR Dispute resolution by the Board

66

GDPR Urgency procedure

67

GDPR Exchange of information

 

Section 3 : European data protection board

68

GDPR European Data Protection Board

69

GDPR Independence

70

GDPR Tasks of the Board

71

GDPR Reports

72

GDPR Procedure

73

GDPR Chair

74

GDPR Tasks of the Chair

75

GDPR Secretariat

76

GDPR Confidentiality

 

CHAPTER    8    :    REMEDIES,   LIABILITY                    AND PENALTIES

77

GDPR Right to lodge a complaint with a supervisory authority

78

GDPR Right to an effective judicial remedy against a supervisory authority

79

GDPR Right to an effective judicial remedy against a controller or processor

80

GDPR Representation of data subjects

81

GDPR Suspension of proceedings

82

GDPR Right to compensation and liability

83

GDPR General conditions for imposing administrative fines

84

GDPR Penalties

 

CHAPTER 9 :PROVISIONSRELATING TOSPECIFIC PROCESSING SITUATIONS

85

GDPR Processing and freedom of expression and information

86

GDPR   Processing  and   public   access   to            official documents

87

GDPR Processing of the national identification number

88

GDPR Processing in the context of employment

89

GDPR Safeguards and derogations relating to processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes

90

GDPR Obligations of secrecy

91

GDPR Existing data protection rules of churches and religious associations

 

CHAPTER     10     :     DELEGATED    ACTS                    AND IMPLEMENTING ACTS

92

GDPR Exercise of the delegation

93

GDPR Committee procedure

 

CHAPTER 11 : FINAL PROVISIONS

94

GDPR Repeal of Directive 95/46/EC

95

GDPR Relationship with Directive 2002/58/EC

96

GDPR    Relationship   with    previously    concludedAgreements

97

GDPR Commission reports

98

GDPR Review of other Union legal acts on data protection

99

GDPR Entry into force and application

 

CASE LAWS

 

SUMMARY OF EU COURT DECISIONS RELATING TODATAPROTECTION (INNUMERICALORDER OF CASENUMBER)

 

 

1

COURT OF JUSTICE DECISIONS

1.1

C-450/00,      COMMISSION     V.     LUXEMBOURG, 4.10.2001(“LUXEMBOURG”)

1.2

C-465/00    AND   C-138/01,    RECHNUNGSHOF   V. OSTERREICHISCHER      RUNDFUNK,                                    20.5.2003

(“RECHNUNGSHOF”)

1.3

C-101/01, LINDQUIST, 6.11.2003 (“LINDQUIST”)

1.4

C-317 AND 318/04, PARLIAMENT V. COUNCIL (PNR), 30.5.2006 (“PNR”)

1.5

C-275/06,              PROMUSICAE,              29.1.2008

(“PROMUSICAE”)

1.6

C-301/06, IRELAND V. PARLIAMENT AND COUNCIL, 10.2.2009 (“IRELAND”)

1.7

C-524/06,     HUBER    V.    GERMANY,    16.12.2008 (“HUBER”)

1.8

C-73/07, TIETOSUOJAVALTUUTETTU [FINNISH DATA PROTECTION OMBUDSMAN] V. SATAKUNNAN MARKKINAPORSSI OY AND SATAMEDIA OY, 16.12.2008 (“TIETOSUOJAVALTUUTETTU”)

1.9

C-518/07,   COMMISSION  V.   GERMANY,  9.3.2010(“GERMANY”)

1.10

C-553/07, COLLEGE VAN BURGEMEESTER EN WETHOUDERS VAN ROTTERDAM V. RIJKEBOER, 7.5.2009 (“RIJKEBOER”)

1.11

C-557/07,             LSG-GESELLSCHAFT             ZURWAHRNEHMUNG                              VON

LEISTUNGSSCHUTZRECHTEN   GMBH    V.    TELE2 TELECOMMUNICATION GMBH, 19.2.2009 (“LSG”)

1.12

C-28/08, COMMISSION V. BAVARIAN LAGER CO., 29.6.2010 (“BAVARIAN LAGER”)

1.13

C-92/09 VOLKER UND MARKUS SCHECKE GBR V. LAND HESSEN, AND C-93/09, EIFERT V. LAND HESSEN AND BUNDESANSTALT FUR LANDWIRTSCHAFT UND ERNAHRUNG, 9.11.2010 (“SCHECKE”)

1.14

CASE C-70/10,SCARLET EXTENDEDSA V. SOCIETE BELGE DES AUTEURS, COMPOSITEURS ET EDITEURS SCRL (SABAM), 24.11.2011(“SCARLET”)

1.15

CASE C-461/10, BONNIER AUDIO AB ET AL. V. PERFECT COMMUNICATION SWEDEN, 19.4.2012 (“BONNIER”)

1.16

JOINED CASES C-468/10 AND C-469/10, ASOCIACION NACIONAL DE ESTABLECIMIENTOS FINANCIEROS DE CREDITO (ASNEF) AND FEDERACION DE COMERCIO ELECTRONICO Y MARKETING DIRECTO (FECEMD) V. ADMINISTRACION DEL ESTADO, 24.11.2011 (“ASNEF”)

1.17

C-614/10, COMMISSION V. AUSTRIA, 16.10.2012 (“AUSTRIA”)

1.18

C-614/10, COMMISSION V. AUSTRIA, 16.10.2012 (“AUSTRIA”)

1.19

C-131/12, GOOGLE SPAIN SL V. AEPD (THE DPA) & MARIO COSTEJA GONZALEZ, 13.5.2014 (“GOOGLE”)

1.20

C-141/12     AND    C-372/12,     MINISTER                   VOOR IMMIGRATIE V. M, 17.7.2014 (“M”)

1.21

C-288/12,   COMMISSION  V.   HUNGARY,  8.4.2014(“HUNGARY”)

1.22

C-291/12,    SCHWARZ   V.   BOCHUM,   17.10.2014(“SCHWARZ”)

1.23

C-293/12 AND C-594-12, DIGITAL RIGHTS IRELAND LTD V. IRELAND, 8.4.2014 (“DRI”)

1.24

C-342-12, WORTEN-EQUIPAMENTOS PARA O LAR SA

ACT (AUTHORITY FOR WORKING CONDITIONS), 30.5.2013 (“WORTEN”)

1.25

C-473/12, IPI V. ENGLEBERT (“ENGLEBERT”)

1.26

C-486/12, X, 12.12.2013 (“X”)

1.27

C-212/13,     RYNES    V.    ÚŘAD    PRO                    OCHRANU OSOBNICH ÚDAJŮ, 11.12.2014 (“RYNES”)

1.28

C-615/13   P,   CLIENT   EARTH   ET   AL.   V.   EFSA, 16.7.2015 (“CLIENTEARTH”)

1.29

C-201/14, SMARANDA BARA ET AL. V. PRESEDINTELE CASEI NATIONALE DE ASIGURARI DE SANATATE (CNAS) ET AL., 1.10.2015 (“BARA”)

1.30

C-230/14, WELTIMMO S.R.O. V. NEMZETI ADATVEDELMI ES INFORMACIOSZABADSAG HATOSAG (HUNGARIANDPA), 1.10.15(“WELTIMMO”)

1.31

C-362/14,     SCHREMS    V.    DATA                    PROTECTION COMMISSIONER, 6.10.2015 (“SCHREMS”)

2

GENERAL COURT DECISIONS

2.1

T-320/02, ESCH-LEONHARDT AND OTHERS V EUROPEAN CENTRAL BANK, 18.2.2004 (“ESCH- LEONHARDT”)

2.2

T-198/03, BANK AUSTRIA CREDITANSTALT AG V COMMISSION OF THE EUROPEAN COMMUNITIES, 30.5.2006 (“BANK AUSTRIA”)

2.3

T-259/03, NIKOLAOU V. COMMISSION, 12.9.2007 (“NIKOLAOU”)

2.4

T-161/04,    JORDANA  V.   COMMISSION,  7.7.2011 (“JORDANA”)

2.5

T-82/09, DENNEKAMP V. EUROPEAN PARLIAMENT, 23.11.2011 (“DENNEKAMP I”)

2.6

T-190/10,    EGAN   &    HACKETT    V.                   EUROPEAN PARLAMENT, 28.3.2012 (“EGAN &HACKETT”)

2.7

T-115/13, DENNEKAMP V. EUROPEAN PARLIAMENT (15.7.2015) (“DENNEKAMP II”)

2.8

T-496/13,         MCCULLOUGH        V.        CEDEFOP (11.6.2015)(“MCCULLOUGH”)

3

CIVIL SERVICE TRIBUNAL DECISIONS

3.1

F-30/08, NANOPOULOS V. COMMISSION, 11.5.2010 (“NANOPOULOS”) (ON APPEAL, CASE T-308/10)

3.2

F-46/09, V & EDPS V. EUROPEAN PARLAMENT, 5.7.2011 (“V”)

4

POST GDPR IMPLEMENTATION CASE LAWS

4.1

GOOGLE CASE

4.2

GERMAN COURTS - WHETHER AN INFRINGEMENT OF THE GDPR ALSO QUALIFIES AS UNFAIR- COMPETITIVE BEHAVIOR

4.3

GOOGLE IN LANDMARK NORDIC LEGAL CASE ON THE “RIGHT TO BE FORGOTTEN.”

4.4

GDPR FINE –BARREIRO MONTIJO HOSPITAL CENTER IN PORTUGAL CASE

4.5

FACEBOOK BREACH IN GDPR TEST CASE.

 

SUMMARY OF EU COURT DECISIONS RELATING TO DATA PROTECTION (ORGANISED BY TOPIC)

1

GENERAL

1.1

DEFINITION OF PERSONAL DATA

1.2

DEFINITION OF PROCESSING

1.3

DEFINITION OF CONTROLLER

1.4

LEGAL PERSONS

1.5

SENSITIVE PERSONAL DATA

1.6

CONSENT

1.7

NECESSITY/PROPORTIONALITY

1.8

SECURITY

1.9

DEROGATIONS

1.10

NON-CONTRACTUAL LIABILITY

2

DATA SUBJECT RIGHTS

2.1

INFORMATION

2.2

ACCESS

2.3

ERASURE

3

BALANCING FUNDAMENTAL RIGHTS

3.1

PROTECTION OF PROPERTY AND AN EFFECTIVE REMEDY

3.2

FREEDOM OF EXPRESSION

3.2

ACCESS TO DOCUMENTS

4

TRANSFERS

4.1

APPROPRIATE LEGAL BASIS

4.2

ADEQUATE LEVEL OF PROTECTION

4.3

SAFE HARBOUR

5

REGULATION 45/2001

5.1

SCOPE

5.2

LAWFULNESS

6

DIRECTIVE 95/46

6.1

SCOPE

6.2

LAWFULNESS

6.3

ESTABLISHMENT OF THE CONTROLLER

6.4

INDEPENDENCE OF DPA

6.5

DPA POWERS

6.6

PROCESSING     FOR      SOLELY                          JOURNALISTIC PURPOSES

6.7

PROCESSING    FOR     PURELY     PERSONAL                         OR HOUSEHOLD ACTIVITY

6.8

TRANSPOSITION/HARMONISATION

6.9

DIRECT APPLICABILITY

7

DIRECTIVE 2002/58

7.1

SCOPE

7.2

TRAFFIC DATA

8

DIRECTIVE 2006/24

8.1

APPROPRIATE LEGAL BASIS

8.2

SCOPE

8.3

LAWFULNESS

9

ARTICLES 7, 8 CFR

10

ARTICLE 8 ECHR

 

APPENDIX 1: RECITALS [1 to 173]

 

APPENDIX 2: EU/EEA NATIONAL

SUPERVISORY AUTHORITIES

 

APPENDIX 3: LOOPHOLES IN GDPR

 

APPENDIX 4: FLOW CHART – COMPOSITION OF EUROPEAN DATA PROTECTION BOARD

 

342

PREFACE

 

 

I was the early starter to get awakened towards GDPR due to my practice in cyber and privacy law. When I first started the firm EUGDPR Institute, I was sure about writing a book on GDPR but never knew the connotations it would have. I was involved in training participants from many large IT Companies like Tech Mahindra, TCS, Oracle, IBM, Cognizant etc. and obviously partners from large law firms then I decided to pen this book as the legal language and its interpretation was always a challenge to these technology or GRC migrants. Being author of published and famous books on cyber law made the structure of this book clear in my mind. Articles of GDPR do have a typical international law kinda language and often raises more than one questions or doubts in the avid reader of the topic.

This book is a series of articles and interpretations. It deals with questions of applicability of GDPR articles in various scenarios; at its core, GDPR is a new set of rules designed to give EU citizens more control over their personal data. It aims to simplify the regulatory environment for business so both citizens and businesses in the European Union can fully benefit from the digital economy.

Fundamentally, almost every aspect of our lives revolves around data. From social media companies, to banks, retailers, and governments -- almost every service we use involves the collection and analysis of our personal data. Your name, address, credit card number and more all collected, analysed and, perhaps most importantly, stored by organisations

In this busy age, when we are all bombarded with information, it is helpful, I think, to be offered a chance to take a breath and do things simply. There is something meditative about reading the GDPR articles one by one and again going through it next time. There is something therapeutic in watching people’s faces light up when they find they are compliant to particular article of GDPR. There is something healing in the simple task of being aware about applicability of GDPR to the organisation. GDPR applies to any organisation operating within the EU, as well as any organisations outside of the EU, which offer goods or services to customers or businesses in the EU. That ultimately means that almost every major corporation and practitioner in the world will need this book to understand, implement, comply and re-comply with GDPR.

Whether you are a DPO, a auditor, a lawyer, a student, a GRC professional, a privacy devotee, a lonely heart nostalgic for GDPR trainings — I hope you find something of value in

1 2 3 4 5 6 7 8 9 10 ... 71
Go to page:

Free e-book: «GDPR Articles With Commentary & EU Case Laws by Adv. Prashant Mali (red seas under red skies txt) 📕»   -   read online now on website american library books (americanlibrarybooks.com)

Comments (0)

There are no comments yet. You can be the first!
Add a comment