The European General Data Protection Regulation - Ensuring Compliant Corporate Practice

The European General Data Protection Regulation introduces a uniform data protection legislation which will apply directly in all EU Member States and which will also have to be observed by numerous companies outside the EU who have business in the EU. The handbook clearly and concisely addresses the key changes resulting from the Regulation and the requirements it places on typical business processes and rapidly spreading new technologies, also by using practically relevant examples. The handbook therefore provides the ideal basis for all international companies affected by the Regulation to review their existing business processes and ensure that new processes and business models are in line with these new data protection requirements. To this extent, the handbook focuses on the following issues:

• Scope and logic of the General Data Protection Regu­lation and remaining areas regulated at national level
• Mandatory data protection impact assessment
• Appointment of a data protection officer
• Transfer of personal data to third countries
• Cloud computing, outsourcing
• Advertising and data protection
• Profiling and big data analysis
• Requirements placed on IT security
• Information and reporting obligations
• Data breach notifications
• Rights of persons affected
• Liability and sanctions for data protection breaches

Both authors are leading practitioners at Noerr LLP specialised in information technology law and data protection law.