The EU’s General Data Protection Regulation (GDPR) entered into force in May 2018. It is the most significant legal development in the sphere of privacy and data protection in the EU in the past 20 years. The ramifications of this new legislation are wide-ranging since they do not only affect the EU, but also every country that interacts with EU consumers. Now that the dust has settled, several questions have been raised: How does the GDPR interact with national and sectorial legislation? What triggers its extraterritorial application? How does the role of the Data Protection Officer function in practice? How should companies deal with data subject access requests? How does data breach notification work and what is the role of Supervisory Authorities in this new era?
The book addresses all of these issues and many more through an eclectic mix of academic debate and practical considerations. Its unique approach explains the theory and reasoning behind every major GDPR development, and connects them to how these provisions work in practice. The book follows a disciplined structure in accordance with the GDPR and discusses the topical debates surrounding it in the past two years. It goes on to provide an outlook of what the future of privacy in the EU will look like as regards each of these contentious and rapidly emerging areas of the law, such as cross-border data transfer, privacy litigation and privacy activism.