Abstract
This article purports to be an introductory “easy reading” tool assisting non-experts in the field of data protection to comprehend the complex legalities of the General Data Protection Regulation (GDPR), which replaces Directive 95/46/EC (the Directive). The article explores what the GDPR is expected to deliver and how it is envisaged to remedy some of the shortcomings of the Directive. The article does not go into an in-depth legal analysis of the GDPR. Instead, it attempts to explain how the expectations relating to the GDPR are reflected in some of its core provisions. Understanding the “spirit of the law” may assist the reader to comprehend its letter.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsNotes
- 1.
Regulation (EU) 2016/794 of the European Parliament and of the Council of 11 May 2016 on the European Union Agency for Law Enforcement Cooperation (Europol) and replacing and repealing Council Decisions 2009/371/JHA, 2009/934/JHA, 2009/935/JHA, 2009/936/JHA and 2009/968/JHA, OJ L 135/53 (GDPR ) Preamble par. 9.
- 2.
GDPR Article 3.
- 3.
GDPR Article 4.
- 4.
GDPR Article 12.
- 5.
GDPR Article 15(3).
- 6.
GDPR Article 11.
- 7.
GDPR Article 7.
- 8.
GDPR Article 8.
- 9.
GDPR Article 22.
- 10.
GDPR Preamble par. 71.
- 11.
GDPR Article 17.
- 12.
CJEU, Google Spain SL and Google Inc. v Agencia Española de Protección de Datos (AEPD) and Mario Costeja González, Case C-131/12, Judgement of 13 May 2014.
- 13.
Google Spain SL and Google Inc. v Agencia Española de Protección de Datos (AEPD) and Mario Costeja González, par. 84.
- 14.
GDPR Article 20.
- 15.
GDPR Article 25.
- 16.
This Working Party was set up under Article 29 of Directive 95/46/EC. It is an independent European advisory body on data protection and privacy. Its tasks are described in Article 30 of Directive 95/46/EC and Article 15 of Directive 2002/58/EC.
- 17.
Article 29 Data Protection Working Party, Statement on Statement of the WP29 on the impact of the development of big data on the protection of individuals with regard to the processing of their personal data in the EU, Adopted on 16 September 2016, Document ref. no. WP221, p 2.
- 18.
Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector, as amended by Directive 2009/136/EC and by Regulation (EU) No 611/2013 on the measures applicable to the notification of personal data breaches under Directive 2002/58/EC.
- 19.
Article 2(h) of Directive 2002/58/EC provides that “personal data breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed in connection with the provision of a publicly available electronic communications service in the Community.
- 20.
GDPR Articles 33 and 34.
- 21.
GDPR Preamble par. 127 and 128.
- 22.
GDPR Article 30.
- 23.
Regulation (EU) 2016/794 of the European Parliament and of the Council of 11 May 2016 on the European Union Agency for Law Enforcement Cooperation (Europol) and replacing and repealing Council Decisions 2009/371/JHA, 2009/934/JHA, 2009/935/JHA, 2009/936/JHA and 2009/968/JHA,OJ L 135/53; Council Decision 2002/187/JHA of 28 February 2002 setting up Eurojust with a view to reinforcing the fight against serious crime, as amended by Council Decision 2009/426/JHA of 16 December 2008 on the strengthening of Eurojust and amending Decision 2002/187/JHA setting up Eurojust with a view to reinforcing the fight against serious crime.
- 24.
GDPR Article 37.
- 25.
GDPR Articles 38 and 39.
- 26.
GDPR Preamble par.167.
- 27.
GDPR Article 40.
- 28.
GDPR Article 42.
- 29.
GDPR Article 30(5).
- 30.
GDPR Article 57(1)(b).
- 31.
GDPR Preamble par. 132.
- 32.
GDPR Article 5(1)(a).
- 33.
GDPR Article 12(1).
- 34.
GDPR Article 13(2).
- 35.
GDPR Article 14(2).
- 36.
GDPR Article 26.
- 37.
GDPR Article 40.
- 38.
GDPR Article 41(2)(c).
- 39.
GDPR Article 42(3).
- 40.
GDPR Article 43(2)(d).
- 41.
GDPR Article 53(1).
- 42.
GDPR Article 5(2).
- 43.
GDPR Articles 33 and 34.
- 44.
GDPR Preamble par. 85.
- 45.
Article 29 Data Protection Working Party, Opinion 8/2014 on the on Recent Developments on the Internet of Things, Adopted on 16 September 2014, Ref.14/EN, WP223, p 7.
- 46.
GDPR Article 40(1).
- 47.
GDPR Article 42.
- 48.
GDPR Article 58.
- 49.
Article 29 Data Protection Working Party, Statement on the 2016 action plan for the implementation of the General Data Protection Regulation (GDPR), Adopted on 2 February 2016, Ref. 442/16/EN, WP 236, p 2.
- 50.
GDPR Article 52(4).
- 51.
GDPR Article 62(3).
- 52.
GDPR Article 61.
- 53.
GDPR Article 54.
- 54.
GDPR Articles 56 and 57.
- 55.
GDPR Article 60(1).
- 56.
GDPR Article 50.
- 57.
GDPR Article 63.
- 58.
GDPR Article 65.
- 59.
GDPR Article 68.
- 60.
GDPR Articles 69–76.
- 61.
GDPR Article 24(1).
- 62.
GDPR Article 26(1).
- 63.
GDPR Article 28(3)(h).
- 64.
GDPR Preamble paragraphs 23 and 80.
- 65.
GDPR Article 27.
- 66.
GDPR Article 77(1).
- 67.
GDPR Article 79(1).
- 68.
GDPR Article 82(1).
- 69.
GDPR Article 82(4).
- 70.
GDPR Article 78(1).
- 71.
GDPR Article 78(4).
- 72.
GDPR Preamble par. 151.
- 73.
GDPR Article 58(2) and Preamble par.151. Special rules apply to Denmark and Estonia.
- 74.
GDPR Article 83.
- 75.
GDPR Article 84.
- 76.
GDPR Article 45.
- 77.
CJEU, Maximillian Schrems v Data Protection Commissioner A/S, Case C-362/14, Judgment of 6 October 2015.
- 78.
GDPR Article 46.
- 79.
GDPR Article 47.
- 80.
It is not clear to the authors why DPAs should apply the consistency mechanism in cases of bilateral administrative agreements, which are a purely national matter.
- 81.
GDPR Article 49.
- 82.
GDPR Article 48.
- 83.
GDPR Article 1(3).
- 84.
Article 29 Data Protection Working Party, Joint Statement of the European Data Protection Authorities assembled in the Article 29 Working Party, Adopted on 26 November 2014, Ref. 14/EN, WP 227, p 2.
- 85.
GDPR Preamble par. 9.
- 86.
GDPR Preamble par. 6.
- 87.
GDPR Preamble par. 4.
- 88.
GDPR Article 17(3)(a).
- 89.
GDPR Article 85(1).
References
Article 29 Data Protection Working Party, Joint Statement of the European Data Protection Authorities assembled in the Article 29 Working Party, Adopted on 26 November 2014, Ref. 14/EN, WP 227, p 2
Article 29 Data Protection Working Party, Opinion 8/2014 on the on Recent Developments on the Internet of Things, Adopted on 16 September 2014, Ref.14/EN, WP223, p 7
Article 29 Data Protection Working Party, Statement on Statement of the WP29 on the impact of the development of big data on the protection of individuals with regard to the processing of their personal data in the EU, Adopted on 16 September 2016, Ref. 14/EN, WP221, p 2
Article 29 Data Protection Working Party, Statement on the 2016 action plan for the implementation of the General Data Protection Regulation (GDPR), Adopted on 2 February 2016, Ref. 442/16/EN, WP 236, p 2
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2017 Springer International Publishing AG
About this chapter
Cite this chapter
Nicolaidou, I.L., Georgiades, C. (2017). The GDPR: New Horizons. In: Synodinou, TE., Jougleux, P., Markou, C., Prastitou, T. (eds) EU Internet Law. Springer, Cham. https://doi.org/10.1007/978-3-319-64955-9_1
Download citation
DOI: https://doi.org/10.1007/978-3-319-64955-9_1
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-64954-2
Online ISBN: 978-3-319-64955-9
eBook Packages: Law and CriminologyLaw and Criminology (R0)