Abstract
In order to effectively enforce the protection of individuals, data subjects have been granted different rights under the GDPR. Compared to the Data Protection Directive, the controller not only has reinforced information obligations but will also be affected by other new or reinforced data subject rights, such as the right to data portability and the ‘right to be forgotten’. Therefore, entities should identify their new obligations in a timely manner and implement effective mechanisms and internal procedures to respond to data subjects’ requests to exercise their rights. Non-compliance with such request can lead to considerable fines under the GDPR. This chapter gives details on the different data subject rights, including practical implications.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
v.d.Bussche/Zeiter, EDPL 2016, 576, 579; Gierschmann, ZD 2016,51, 53.
- 2.
Rec. 39 GDPR; Laue/Nink/Kremer, Datenschutzrecht, Informationspflichten (2016), rec. 1.
- 3.
- 4.
Arts. 10, 11 Data Protection Directive.
- 5.
Rec. 59 GDPR.
- 6.
Rec. 58 GDPR.
- 7.
Kamlah, in: Plath, BDSG/DSGVO, Art. 12 (2016), rec. 2.
- 8.
Paal, in: Paal/Pauly, DSGVO, Art. 12 (2017), rec. 28.
- 9.
Paal, in: Paal/Pauly, DSGVO, Art. 12 (2017), rec. 26.
- 10.
Paal, in: Paal/Pauly, DSGVO, Art. 12 (2017), rec. 26.
- 11.
Rec. 59 GDPR.
- 12.
Walter, DSRITB 2016, 367, 373.
- 13.
Rec. 58 GDPR.
- 14.
Art. 12 Secs. 7, 8 GDPR. Such icons shall be, where presented electronically, machine-readable.
- 15.
Laue/Nink/Kremer, Datenschutzrecht, Informationspflichten (2016), rec. 20.
- 16.
Rec. 60 GDPR.
- 17.
Rec. 60 GDPR.
- 18.
Arts. 10, 11 Data Protection Directive.
- 19.
Art. 14 Sec. 3 lit. a GDPR.
- 20.
Please note that, pursuant to Recital 61 of the Regulation, where personal data can be legitimately disclosed to another recipient, the data subject should be informed when the personal data are first disclosed to said recipient.
- 21.
Walter, DSRITB 2016, 367, 371.
- 22.
For further details see Paal, in: Paal/Pauly, DSGVO, Art. 13 (2017), recs. 22–23.
- 23.
Walter, DSRITB 2016, 367, 374.
- 24.
Rec. 61 GDPR.
- 25.
Art. 14 Sec. 5 lits. a-d GDPR.
- 26.
Pursuant to Recital 62 of the Regulation, such disproportionate effort could in particular exist where processing is carried out for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes. In that regard, the number of data subjects, the age of the data and any appropriate safeguards adopted should be taken into consideration. Moreover, pursuant to Art. 14 Sec. 5 lit. b GDPR, such disproportionate effort could be identified where the information obligation would render impossible or seriously impair the achievement of the objectives of processing.
- 27.
v.d.Bussche/Zeiter/Brombach, DB 2016, 1359, 1360.
- 28.
Hunton & Williams, The proposed Regulation (2015), p. 18.
- 29.
Quaas, in: Wolff/Brink, BeckOK, Art. 12 (2016), rec. 4.
- 30.
Art. 12 Sec. 3 phrase 4 GDPR.
- 31.
Walter, DSRITB 2016, 367, 373.
- 32.
Art. 12 Sec. 5 phrase 2 GDPR.
- 33.
- 34.
Kamlah, in: Plath, BDSG/DSGVO, Art. 12 (2016), rec. 20.
- 35.
Example drawn from Laue/Nink/Kremer, Datenschutzrecht, Rechte der betroffenen Person (2016), rec. 21.
- 36.
Art. 12 Sec. 3 phrase 2 GDPR. The provision by electronic means shall take place, unless otherwise requested by the data subject.
- 37.
Art. 12 Sec. 3 GDPR.
- 38.
Kamlah, in: Plath, BDSG/DSGVO, Art. 12 (2016), rec. 15.
- 39.
Kamlah, in: Plath, BDSG/DSGVO, Art. 12 (2016), rec. 14.
- 40.
Art. 12 Sec. 4 phrase 2 GDPR.
- 41.
Paal, in: Paal/Pauly, DSGVO, Art. 12 (2017), rec. 60.
- 42.
- 43.
Art. 15 Sec. 1 lits. a–h, Sec. 2 GDPR.
- 44.
Walter, DSRITB 2016, 367, 381.
- 45.
Rec. 63 GDPR.
- 46.
Art. 12 Sec. 5 GDPR.
- 47.
Rec. 63 GDPR.
- 48.
Laue/Nink/Kremer, Datenschutzrecht, Rechte der betroffenen Person (2016), rec. 27.
- 49.
Art. 15 Sec. 3 phrase 3 GDPR.
- 50.
Rec. 63 GDPR.
- 51.
Rec. 64 GDPR. Please note that, nevertheless, a controller should not retain personal data for the sole purpose of being able to react to potential requests.
- 52.
Walter, DSRITB 2016, 367, 385.
- 53.
Rec. 63 GDPR.
- 54.
- 55.
Rec. 63 GDPR.
- 56.
Laue/Nink/Kremer, Datenschutzrecht, Rechte der betroffenen Person (2016), rec. 31.
- 57.
v.d.Bussche/Zeiter, EDPL 2016, 576, 579.
- 58.
Wybitul, BB 2016, 1077, 1079.
- 59.
Walter, DSRITB 2016, 367, 386.
- 60.
Rec. 65 GDPR.
- 61.
Worms, in: Wolff/Brink, BeckOK, Art. 16 (2016), rec. 39.
- 62.
Worms, in: Wolff/Brink, BeckOK, Art. 16 (2016), rec. 41.
- 63.
Kamlah, in: Plath, BDSG/DSGVO, Art. 16 (2016), rec. 2.
- 64.
Laue/Nink/Kremer, Datenschutzrecht, Rechte der betroffenen Person (2016), rec. 34.
- 65.
Worms, in: Wolff/Brink, BeckOK, Art. 16 (2016), rec. 46.
- 66.
- 67.
Worms, in: Wolff/Brink, BeckOK, Art. 16 (2016), rec. 53.
- 68.
See also Mallmann, in: Simitis, BDSG, § 20 (2014), rec. 17 et seq.
- 69.
- 70.
- 71.
Kamlah, in: Plath, BDSG/DSGVO, Art. 16 (2016), rec. 7.
- 72.
Kamlah, in: Plath, BDSG/DSGVO, Art. 16 (2016), rec. 10.
- 73.
- 74.
Worms, in: Wolff/Brink, BeckOK, Art. 16 (2016), recs. 58–60.
- 75.
Paal, in: Paal/Pauly, DSGVO, Art. 16 (2017), rec. 20.
- 76.
Kamlah, in: Plath, BDSG/DSGVO, Art. 16 (2016), rec. 13.
- 77.
ECJ, ruling of 13 May 2014, Google Spain, C-131/12.
- 78.
- 79.
Art. 17 Sec. 1 lits. a-f GDPR.
- 80.
Worms, in: Wolff/Brink, BeckOK, Art. 17 (2016), rec. 25.
- 81.
Laue/Nink/Kremer, Datenschutzrecht, Rechte der betroffenen Person (2016), rec. 41.
- 82.
Example drawn from Paal, in: Paal/Pauly, DSGVO, Art. 17 (2017), rec. 22.
- 83.
Worms, in: Wolff/Brink, BeckOK, Art. 17 (2016), rec. 38.
- 84.
Paal, in: Paal/Pauly, DSGVO, Art. 17 (2017), rec. 40.
- 85.
Kamlah, in: Plath, BDSG/DSGVO, Art. 17 (2016), rec. 11.
- 86.
Paal, in: Paal/Pauly, DSGVO, Art. 17 (2017), rec. 41.
- 87.
- 88.
Kamlah, in: Plath, BDSG/DSGVO, Art. 17 (2016), rec. 13.
- 89.
- 90.
Rec. 65 GDPR.
- 91.
Rec. 65 GDPR.
- 92.
Worms, in: Wolff/Brink, BeckOK, Art. 17 (2016), recs. 50–53; identifying the exception as an obligation to erasure of the controller without the need of such a request by the data subject: Schantz, NJW 2016, 1841, 1845; negatively as regards such a kind of obligation is Paal, in: Paal/Pauly, DSGVO, Art. 17 (2017), rec. 28; disapprovingly as regards a separate scope of application of this exception is Härting, DSGVO (2016), recs. 698.
- 93.
Trying to differentiate between withdrawal and erasure under this provision: Worms, in: Wolff/Brink, BeckOK, Art. 17 (2016), recs. 50–53.
- 94.
- 95.
- 96.
Kamlah, in: Plath, BDSG/DSGVO, Art. 17 (2016), rec. 5.
- 97.
- 98.
Kamlah, in: Plath, BDSG/DSGVO, Art. 17 (2016), rec. 17.
- 99.
Kamlah, in: Plath, BDSG/DSGVO, Art. 17 (2016), rec. 17.
- 100.
Kamlah, in: Plath, BDSG/DSGVO, Art. 17 (2016), rec.17.
- 101.
ECJ, ruling of 13 May 2014, Google Spain, C-131/12, rec. 93; Kamlah, in: Plath, BDSG/DSGVO, Art. 17 (2016), rec. 17.
- 102.
Kamlah, in: Plath, BDSG/DSGVO, Art. 17 (2016), rec. 18.
- 103.
Laue/Nink/Kremer, Datenschutzrecht, Rechte der betroffenen Person (2016), rec. 50.
- 104.
Kamlah, in: Plath, BDSG/DSGVO, Art. 17 (2016), rec. 19.
- 105.
Kamlah, in: Plath, BDSG/DSGVO, Art. 17 (2016), rec. 19.
- 106.
Worms, in: Wolff/Brink, BeckOK, Art. 17 (2016), rec. 87.
- 107.
- 108.
- 109.
Paal, in: Paal/Pauly, DSGVO, Art. 17 (2017), rec. 30.
- 110.
Worms, in: Wolff/Brink, BeckOK, Art. 17 (2016), rec. 56.
- 111.
- 112.
Laue/Nink/Kremer, Datenschutzrecht, Rechte der betroffenen Person (2016), rec. 47.
- 113.
- 114.
- 115.
Under the GDPR, the concepts of Privacy by Design & Privacy by Default must be taken into account. For details see Sect. 3.7.
- 116.
- 117.
- 118.
See recs. 13, 98, 132, 167 GDPR.
- 119.
Laue/Nink/Kremer, Datenschutzrecht, Rechte der betroffenen Person (2016), rec. 48.
- 120.
Laue/Nink/Kremer, Datenschutzrecht, Rechte der betroffenen Person (2016), rec. 48.
- 121.
Paal, in: Paal/Pauly, DSGVO, Art. 17 (2017), rec. 37.
- 122.
- 123.
- 124.
- 125.
Kamlah, in: Plath, BDSG/DSGVO, Art. 18 (2016), rec. 5.
- 126.
Paal, in: Paal/Pauly, DSGVO, Art. 18 (2017), rec. 16.
- 127.
Kamlah, in: Plath, BDSG/DSGVO, Art. 18 (2016), rec. 8.
- 128.
- 129.
Kamlah, in: Plath, BDSG/DSGVO, Art. 18 (2016), recs. 6–7.
- 130.
- 131.
- 132.
Rec. 67 GDPR.
- 133.
Rec. 67 GDPR.
- 134.
Kamlah, in: Plath, BDSG/DSGVO, Art. 18 (2016), rec. 16.
- 135.
Worms, in: Wolff/Brink, BeckOK, Art. 18 (2016), rec. 50.
- 136.
- 137.
Kamlah, in: Plath, BDSG/DSGVO, Art. 19 (2016), rec. 6.
- 138.
Worms, in: Wolff/Brink, BeckOK, Art. 19 (2016), rec. 6.
- 139.
Rec. 68 GDPR.
- 140.
- 141.
- 142.
- 143.
- 144.
- 145.
- 146.
Kamlah, in: Plath, BDSG/DSGVO, Art. 20 (2016), rec. 4.
- 147.
Rec. 63 GDPR.
- 148.
Art. 29 Data Protection Working Party, WP 242 (2016), p. 7.
- 149.
- 150.
- 151.
Jülicher/Röttgen/v.Schönfeld, ZD 2016, 358, 359.
- 152.
Jülicher/Röttgen/v.Schönfeld, ZD 2016, 358, 359.
- 153.
Schild, in: Wolff/Brink, BeckOK, Art. 4 (2016), rec. 34.
- 154.
Jaspers, DuD 2012, 571, 573.
- 155.
- 156.
Art. 29 Data Protection Working Party, WP 242 (2016), pp. 7–9.
- 157.
According to Art. 20 Sec. 3 phrase 2 GDPR and rec. 68 GDPR, the data subject’s right to data portability shall not apply to processing necessary for the performance of a task carried out in the public interest or for compliance with a legal obligation to which the controller is subject or in the exercise of official authority vested in the controller.
- 158.
- 159.
- 160.
Art. 29 Data Protection Working Party, WP 242 (2016), p. 8.
- 161.
Art. 29 Data Protection Working Party, WP 242 (2016), p. 9.
- 162.
Art. 29 Data Protection Working Party, WP 242 (2016), pp. 9–10.
- 163.
Art. 29 Data Protection Working Party, WP 242 (2016), p. 10.
- 164.
Art. 29 Data Protection Working Party, WP 242 (2016), p. 10.
- 165.
Rec. 63 GDPR.
- 166.
Rec. 63 GDPR.
- 167.
- 168.
Bitkom, Position paper (2017), p. 7.
- 169.
Bitkom, Position paper (2017), pp. 7–8.
- 170.
Art. 20 Sec. 1 GDPR; rec. 68 GDPR.
- 171.
Schätzle, PinG 2016, 71, 74.
- 172.
Art. 29 Data Protection Working Party, WP 242 (2016), p. 13.
- 173.
Rec. 68 GDPR.
- 174.
Laue/Nink/Kremer, Datenschutzrecht, Rechte der betroffenen Person (2016), rec. 66.
- 175.
- 176.
Art. 29 Data Protection Working Party, WP 242 (2016), p. 5.
- 177.
Gierschmann, ZD 2016, 51, 54.
- 178.
Jülicher/Röttgen/v.Schönfeld, ZD 2016, 358, 360.
- 179.
Jülicher/Röttgen/v.Schönfeld, ZD 2016, 358, 360.
- 180.
- 181.
Jülicher/Röttgen/v.Schönfeld, ZD 2016, 358, 360.
- 182.
- 183.
Schätzle, PinG 2016, 71, 73 who deems at least any contractual exclusion unlawful that excludes the right to data portability beyond the termination of the contract between the data subject and the controller.
- 184.
See also Kingreen, in: Calliess/Ruffert, EUV/AEUV, Art. 8 EU-GrCharta (2016), rec. 9.
- 185.
- 186.
The GDPR does not establish a general right to data portability. Art. 29 Data Protection Working Party, WP 242 (2016), p. 7.
- 187.
v.d.Bussche/Zeiter, EDPL 2016, 576, 579.
- 188.
- 189.
Kamlah, in: Plath, BDSG/DSGVO, Art. 21 (2016), rec. 5.
- 190.
- 191.
Martini, in: Paal/Pauly, DSGVO, Art. 21 (2017), rec. 30.
- 192.
Martini, in: Paal/Pauly, DSGVO, Art. 21 (2017), rec. 30.
- 193.
Rec. 69 GDPR.
- 194.
Martini, in: Paal/Pauly, DSGVO, Art. 21 (2017), rec. 39.
- 195.
Pursuant to Art. 4 No. 4 GDPR, profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to an individual, in particular to analyse or predict aspects concerning that individual’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
- 196.
- 197.
Art. 14 subsection 1 lit. b Data Protection Directive.
- 198.
Martini, in: Paal/Pauly, DSGVO, Art. 21 (2017), rec. 55.
- 199.
Martini, in: Paal/Pauly, DSGVO, Art. 21 (2017), rec. 54.
- 200.
Rec. 162 GDPR.
- 201.
Albrecht/Jotzo, Datenschutzrecht, Allgemeine Bestimmungen (2017), recs. 71–72.
- 202.
Rec. 162 GDPR.
- 203.
- 204.
Art. 21 Sec. 6 GDPR.
- 205.
Laue/Nink/Kremer, Datenschutzrecht, Rechte der betroffenen Person (2016), rec. 74.
- 206.
Martini, in: Paal/Pauly, DSGVO, Art. 21 (2017), rec. 33.
- 207.
Martini, in: Paal/Pauly, DSGVO, Art. 21 (2017), rec. 33.
- 208.
Gierschmann, ZD 2016, 51, 54.
- 209.
The prohibition was provided for in § 6a BDSG.
- 210.
Kamlah, in: Plath, BDSG/DSGVO, Art. 22 (2016), rec. 4.
- 211.
- 212.
Martini, in: Paal/Pauly, DSGVO, Art. 22 (2017), rec. 29; see also Gola/Klug/Körffer, in: Gola/Schomerus, BDSG, § 6a (2015), rec. 1; Scholz, in: Simitis, BDSG, § 6a (2014), rec. 1; v. Lewinski, in: Wolff/Brink, BeckOK, § 6a (2016), recs. 1, 1.1; negatively see Laue/Nink/Kremer, Datenschutzrecht, Zulässigkeit der Verarbeitung (2016), recs. 71–72; Kamlah, in: Plath, BDSG/DSGVO, Art. 22 (2016), rec. 4.
- 213.
Rec. 71 GDPR.
- 214.
Rec. 71 GDPR.
- 215.
- 216.
Martini, in: Paal/Pauly, DSGVO, Art. 22 (2017), recs. 17–19; see also Kamlah, in: Plath, BDSG/DSGVO, § 6a (2016), rec. 12; Scholz, in: Simitis, BDSG, § 6a (2014), recs. 14–16; v. Lewinski, in: Wolff/Brink, BeckOK, § 6a (2016), rec. 17; negatively see Laue/Nink/Kremer, Datenschutzrecht, Zulässigkeit der Verarbeitung (2016), rec. 75.
- 217.
See also Scholz, in: Simitis, BDSG, § 6a (2014), recs. 14–15.
- 218.
- 219.
See also v. Lewinski, in: Wolff/Brink, BeckOK, § 6a (2016), rec. 18.
- 220.
Art. 4 No. 4 GDPR.
- 221.
Martini, in: Paal/Pauly, DSGVO, Art. 22 (2017), rec. 21.
- 222.
- 223.
- 224.
- 225.
- 226.
- 227.
Martini, in: Paal/Pauly, DSGVO, Art. 22 (2017), rec. 23.
- 228.
- 229.
Art. 22 Sec. 2 lits. a–c GDPR.
- 230.
Martini, in: Paal/Pauly, DSGVO, Art. 22 (2017), rec. 31.
- 231.
- 232.
- 233.
Rec. 71 GDPR.
- 234.
Art. 22 Sec. 3 GDPR; rec. 71 GDPR.
- 235.
Martini, in: Paal/Pauly, DSGVO, Art. 22 (2017), rec. 39.
- 236.
Rec. 71 GDPR.
- 237.
- 238.
Grages, in: Plath, BDSG/DSGVO, Art. 23 (2016), rec. 6.
References
Albrecht JP (2016) Das neue EU-Datenschutzrecht - von der Richtlinie zur Verordnung, CR, pp 88–98
Albrecht JP, Jotzo F (eds) (2017) Allgemeine Bestimmungen, Rechtmäßigkeit der Datenverarbeitung; Individuelle Datenschutzrechte, Einschränkungen der Rechte. In: Das neue Datenschutzrecht der EU. 1st edn. Nomos, Baden-Baden
Art. 29 Data Protection Working Party (2016) Guidelines on the right to data portability, WP 242
Bitkom (2017) Position paper - Stellungnahme zu den Auslegungsrichtlinien der Art.29-Datenschutzgruppe zum Recht auf Datenportabilität (paper in english language). https://www.bitkom.org/Bitkom/Publikationen/Bitkom-Stellungnahme-zur-Datenportabilitaet.html. Accessed 22 Mar 2017
Brink S (2016) § 35 BDSG. In: Wolff HA, Brink S (eds) Beck’scher Online-Kommentar Datenschutzrecht, 18th edn. C.H.Beck, Munich
Gierschmann S (2016) Was ‘bringt’ deutschen Unternehmen die DS-GVO? - Mehr Pflichten, aber die Rechtsunsicherheit bleibt, ZD, pp 51–55
Gola P, Klug C, Körffer B (2015) § 6a BDSG. In: Gola P, Schomerus R (eds) Bundesdatenschutzgesetz Kommentar, 12th edn. C.H.Beck, Munich
Grages J-M (2016) Arts. 23, 89 DSGVO. In: Plath K-U (ed) BDSG/DSGVO, 2nd edn. Verlag Dr. Otto Schmidt, Cologne
Härting N (2012) Starke Behörden, schwaches Recht – Der neue EU-Datenschutzentwurf, BB, pp 459–466
Härting N (ed) (2016) Datenschutz-Grundverordnung, 1st edn. Dr. Otto Schmidt Verlag, Cologne
Holznagel B, Hartmann S (2016) Das ‘Recht auf Vergessenwerden’ als Reaktion auf ein grenzenloses Internet, MMR, pp 228–232
Hunton & Williams (2015) The proposed EU general data protection regulation. https://www.huntonregulationtracker.com/files/Uploads/Documents/EU%20Data%20Protection%20Reg%20Tracker/Hunton_Guide_to_the_EU_General_Data_Protection_Regulation.pdf. Accessed 19 Dec 2016
Jaspers A (2012) Die EU-Datenschutzgrundverordnung, DuD, pp 571–575
Jülicher T, Röttgen C, von Schönfeld M (2016) Das Recht auf Datenübertragbarkeit, ZD, pp 358–362
Kamlah W (2016) Arts. 12, 16, 17, 18, 19, 20, 21, 22 DSGVO; § 6a BDSG. In: Plath K-U (ed) BDSG/DSGVO, 2nd edn. Verlag Dr. Otto Schmidt, Cologne
Kingreen T (2016) Art. 8 EU-GrCharta. In: Calliess C, Ruffert M (eds) EUV/AEUV, 5th edn. C.H.Beck, Munich
Krüger P-L (2016) Datensouveränität und Digitalisierung, ZRP, pp 190–192
Kühling J, Martini M (2016) Die Datenschutz-Grundverordnung: Revolution oder Evolution im europäischen und deutschen Datenschutzrecht?, EuZW, pp 448–454
Laue P, Nink J, Kremer S (eds) (2016) Einführung; Informationspflichten; Rechte der betroffenen Personen; Zulässigkeit der Verarbeitung. In: Das neue Datenschutzrecht in der betrieblichen Praxis, 1st edn. Nomos, Baden-Baden
Leutheusser-Schnarrenberger S (2015) Das Recht auf Vergessenwerden – ein Durchbruch oder ein digitales Unding?, ZD, pp 149–150
Mallmann O (2014) § 20 BDSG. In: Simitis S (ed) Bundesdatenschutzgesetz, 8th edn. Nomos, Baden-Baden
Martini M (2017) Arts. 21, 22 DSGVO. In: Paal BP, Pauly DA (eds) Beck’sche Kompaktkommentare Datenschutz-Grundverordnung, 1st edn. C.H.Beck, Munich
Paal BP (2017) Arts. 12, 13, 15, 16, 17, 18, 19, 20, 23 DSGVO. In: Paal BP, Pauly DA (eds) Beck’sche Kompaktkommentare Datenschutz-Grundverordnung, 1st edn. C.H.Beck, Munich
Piltz C (2016) Die Datenschutz-Grundverordnung, K&R, pp 557–567
Quaas S (2016) Art. 12 DSGVO. In: Wolff HA, Brink S (eds) Beck’scher Online-Kommentar Datenschutzrecht, 18th edn. C.H.Beck, Munich
Schantz P (2016) Die Datenschutz-Grundverordnung – Beginn einer neuen Zeitrechnung im Datenschutzrecht, NJW, pp 1841–1847
Schätzle D (2016) Ein Recht auf Fahrzeugdaten, PinG 2016, pp 71–75
Schild HH (2016) Art. 4 DSGVO. In: Wolff HA, Brink S (eds) Beck’scher Online-Kommentar Datenschutzrecht, 18th edn. C.H.Beck, Munich
Scholz P (2014) § 6a BDSG. In: Simitis S (ed) Bundesdatenschutzgesetz, 8th edn. Nomos, Baden-Baden
Simitis S (2014) § 28 BDSG. In: Simitis S (ed) Bundesdatenschutzgesetz, 8th edn. Nomos, Baden-Baden
von dem Bussche AF, Zeiter A (2016) Practitioner’s corner – implementing the EU general data protection regulation: a business perspective. EDPL (4):576–581
von dem Bussche AF, Zeiter A, Brombach T (2016) Die Umsetzung der Vorgaben der EU-Datenschutz-Grundverordnung durch Unternehmen, DB, pp 1359–1365
von Lewinski K (2016) § 6a BDSG. In: Wolff HA, Brink S (eds) Beck’scher Online-Kommentar Datenschutzrecht, 18th edn. C.H.Beck, Munich
Walter S (2016) Die datenschutzrechtlichen Transparenzpflichten nach der EU-DSGVO, DSRITB, pp 367–386
Worms C (2016) Arts. 16, 17, 18, 19 DSGVO. In: Wolff HA, Brink S (eds) Beck’scher Online-Kommentar Datenschutzrecht, 18th edn. C.H.Beck, Munich
Wybitul T (2016) EU-Datenschutz-Grundverordnung in der Praxis - Was ändert sich durch das neue Datenschutzrecht?, BB, pp 1077–1081
Wybitul T, Rauer N (2012) EU-Datenschutz-Grundverordnung und Beschäftigtendatenschutz, ZD, pp 160–164
Zikesch P, Kramer R (2015) Die DS-GVO und das Berufsrecht der Rechtsanwälte, Steuerberater und Wirtschaftsprüfer, ZD, pp 565–570
Author information
Authors and Affiliations
Rights and permissions
Copyright information
© 2017 Springer International Publishing AG
About this chapter
Cite this chapter
Voigt, P., von dem Bussche, A. (2017). Rights of Data Subjects. In: The EU General Data Protection Regulation (GDPR). Springer, Cham. https://doi.org/10.1007/978-3-319-57959-7_5
Download citation
DOI: https://doi.org/10.1007/978-3-319-57959-7_5
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-57958-0
Online ISBN: 978-3-319-57959-7
eBook Packages: Law and CriminologyLaw and Criminology (R0)