Jump to ContentJump to Main Navigation
The EU General Data Protection Regulation (GDPR) – A Commentary - Oxford Scholarship Online
Users without a subscription are not able to see the full content.

The EU General Data Protection Regulation (GDPR): A Commentary

Christopher Kuner, Lee A. Bygrave, Christopher Docksey, and Laura Drechsler

Abstract

This new book provides an article-by-article commentary on the new EU General Data Protection Regulation. Adopted in April 2016 and applicable from May 2018, the GDPR is the centrepiece of the recent reform of the EU regulatory framework for protection of personal data. It replaces the 1995 EU Data Protection Directive and has become the most significant piece of data protection legislation anywhere in the world. This book is edited by three leading authorities and written by a team of expert specialists in the field from around the EU and representing different sectors (including academia, t ... More

Bibliographic Information

Print publication date: 2020 Print ISBN-13: 9780198826491
Published to Oxford Scholarship Online: March 2021 DOI:10.1093/oso/9780198826491.001.0001

Authors

Affiliations are at time of print publication.

Christopher Kuner, editor

Lee A. Bygrave, editor

Christopher Docksey, editor

More
Show Summary Details

subscribe or login to access all content.

Contents

View:

Background and Evolution of the EU General Data Protection Regulation (GDPR)

Christopher Kuner, Lee A. Bygrave, and Christopher Docksey

Chapter I General Provisions (Articles 1–4)

Article 2 Material scope

Herke Kranenborg

Article 3 Territorial scope

Dan Jerker B. Svantesson

Article 4 Definitions

Luca Tosoni and Lee A. Bygrave

Article 4(1). Personal data

Lee A. Bygrave and Luca Tosoni

Article 4(2). Processing

Luca Tosoni and Lee A. Bygrave

Article 4(4). Profiling

Lee A. Bygrave

Article 4(7). Controller

Lee A. Bygrave and Luca Tosoni

Article 4(8). Processor

Lee A. Bygrave and Luca Tosoni

Article 4(11). Consent

Lee A. Bygrave and Luca Tosoni

Article 4(13). Genetic data

Lee A. Bygrave and Luca Tosoni

Article 4(14). Biometric data

Lee A. Bygrave and Luca Tosoni

Article 4(15). Data concerning health

Lee A. Bygrave and Luca Tosoni

Article 4(18). Enterprise

Lee A. Bygrave and Luca Tosoni

Article 4(26). International organisation

Lee A. Bygrave and Luca Tosoni

Chapter II Principles (Articles 5–11)

Article 9 Processing of special categories of personal data

Ludmila Georgieva and Christopher Kuner

Chapter III Rights of the Data Subject (Articles 12–23)

Section 2 Information and access to personal data

Section 3 Rectification and erasure

Article 16 Right to rectification

Cécile de Terwangne

Section 4 Right to object and automated individual decision-making

Article 21 Right to object

Gabriela Zanfir-Fortuna

Section 5 Restrictions

Article 23 Restrictions

Dominique Moore

Chapter IV Controller and Processor (Articles 24–43)

Article 26 Joint controllers

Christopher Millard and Dimitra Kamarinou

Article 28 Processor

Christopher Millard and Dimitra Kamarinou

Section 2 Security of personal data

Section 3 Data protection impact assessment and prior consultation

Article 36 Prior consultation

Cecilia Alvarez Rigaudias and Alessandro Spina

Section 4 Data protection officer

Article 37 Designation of the data protection officer

Cecilia Alvarez Rigaudias and Alessandro Spina

Article 38 Position of the data protection officer

Cecilia Alvarez Rigaudias and Alessandro Spina

Article 39 Tasks of the data protection officer

Cecilia Alvarez Rigaudias and Alessandro Spina

Section 5 Codes of conduct and certification

Article 42 Certification

Ronald Leenes

Chapter V Transfers of Personal Data to Third Countries or International Organisations (Articles 44–50)

Chapter VI Independent Supervisory Authorities (Articles 51–59)

Article 52 Independence

Thomas Zerdick

Section 2 Competence, tasks and powers

Article 55 Competence

Hielke Hijmans

Article 57 Tasks

Hielke Hijmans

Article 58 Powers

Ludmila Georgieva and Matthias Schmidl

Chapter VII Cooperation and Consistency (Articles 60–76)

Section 2 Consistency

Article 63 Consistency mechanism

Patrick Van Eecke and Anrijs Šimkus

Article 64 Opinion of the Board

Patrick Van Eecke and Anrijs Šimkus

Article 66 Urgency procedure

Ludmila Georgieva

Article 67 Exchange of information

Patrick Van Eecke and Anrijs Šimkus

Section 3 European Data Protection Board

Article 69 Independence

Christopher Docksey

Article 70 Tasks of the Board

Christopher Docksey

Article 71 Reports

Christopher Docksey

Article 72 Procedure

Christopher Docksey

Article 73 Chair

Christopher Docksey

Article 74 Tasks of the Chair

Christopher Docksey

Article 75 Secretariat

Christopher Docksey

Article 76 Confidentiality

Christopher Docksey

Chapter VIII Remedies, Liability and Penalties (Articles 77–84)

Article 84 Penalties

Orla Lynskey

Chapter IX Provisions Relating to Specific Processing Situations (Articles 85–91)

Article 88 Processing in the context of employment

Patrick Van Eecke and Anrijs Šimkus

Article 90 Obligations of secrecy

Christian Wiese Svanberg

Chapter X Delegated Acts and Implementing Acts (Articles 92–93)

Chapter XI Final Provisions (Articles 94–99)

End Matter