Understanding the New European Data Protection Rules
eBook - ePub
  1. 508 pages
  2. English
  3. ePUB (mobile friendly)
  4. Available on iOS & Android
About this book

Compared to the US, European data and privacy protection rules seem Draconian. The European rules apply to any enterprise doing business in the EU, and the new rules are far more stringent than the last set. This book is a quick guide to the new rules for companies, particularly US companies, that have to comply with them. Where US organizations and businesses that collect or receive EU personal data fail to comply, the bottom line can suffer from very significant official fines and penalties, as well as from litigation pursued by users, customers, or representative bodies. This guide is essential for all US enterprises that directly or indirectly deal with EU personal data.

Information

Author
Paul Lambert
Year
2017
eBook ISBN
9781351630085
Edition
1
Subtopic
Management
Chapter 1 Necessary to Consider EU Rules
Introduction
Commercial imperatives and the expectations of employees, customers, and users mean that data protection is a fast-growing global compliance issue. Organizations and businesses must respect personal data and data protection issues as regards their employees', customers', and users' data. As part of this, organizations also need to be aware of the new European rules on personal data and data protection. The EU rules that had been in existence since 1995 have been replaced and enhanced: the 1995 Data Protection Directive (DPD95) is replaced by a new, wider regulation, formally the EU General Data Protection Regulation (GDPR), which was adopted in 2016 and applies from 25 May 2018. The GDPR is the single most important set of personal data and data protection rules to arrive in over 20 years. It strengthens the existing rules and introduces many new ones, and because it is a regulation rather than a directive it applies directly in every member state without national implementing legislation. The GDPR is one of the most important developments for EU, US, and other organizations to be aware of, and for those who professionally advise them. Understanding what the new EU data protection rules require is essential.
Under the EU data protection rules, an organization that determines the purposes and means of processing personal data is referred to as a "controller" (i.e., the data controller). An outsourced organization that carries out certain defined processing activities for, and as directed by, the controller is referred to as a "processor" (i.e., the data processor for the controller organization).
EU Data Protection Rules Are Important for US Businesses
Why are EU data protection rules important for US businesses? Some of the reasons include
• The EU accounts for approximately 20% of worldwide exports and imports.
• The EU is the largest (or second largest, depending on figures) worldwide importer.
• The EU is made up of 28 states (with standardized rules making it streamlined and easier for business).
• Even after Brexit, EU or EU-equivalent data protection legal standards will apply in the UK, including the new GDPR.
• The EU market is approximately 510 m people (the third largest population in the world after China and India).
• EU data protection rules apply across all relevant organizations (regardless of size).
• EU data protection rules apply to controller organizations.
• EU data protection rules apply to processor organizations.
• EU data protection rules apply to and protect all relevant individuals.
• EU data protection rules require compliance from all US organizations established in the EU.
• EU data protection rules apply to US organizations exporting to EU consumers.
• EU data protection rules apply to proposed transfers or exports of personal data from the EU to the US.
• The EU data protection rules have been modernized and enhanced significantly in the new GDPR.
• There are new requirements in relation to the growing problem of data breaches.
• There are new and enhanced compliance rules.
• Data Protection Officers are mandated in many organizations.
• There are new rights for individuals against businesses.
• Most striking perhaps is the new penalties and fines regime.
• Non-compliance or inadequate compliance can result in administrative fines of up to €20 m or 4% of total worldwide annual turnover, whichever is higher.
• This is a lightning bolt for US, EU, and other organizations assessing and understanding the new EU data protection rules.
So, EU data protection rules can apply from the smallest to the largest US businesses when they seek to exploit the EU consumer marketplace.
Transatlantic business is significant, including Internet, eCommerce, aeronautics, technology, computing, finance, services, and so on. The Internet means that data protection is "clearly a global matter."*
Even where a US company is not dealing directly with EU consumers, as with processors, outsourcing companies, and cloud storage entities (third-party data processors that hold or handle EU consumer or employee data for another organization), it must note that EU data protection rules can still apply.
As indicated in the preceding list, the new fines rules are very significant and present a risk for organizations in the EU, dealing with the EU, and/or receiving data from the EU.
Therefore, EU data protection rules can be directly relevant to many US businesses, and compliance is required. The new EU rules are also important for other reasons. The previous EU rules (in DPD95) were viewed around the world as the best standard for data protection and as the model for other countries' own data protection rules. European data protection laws are frequently recognized as being "of the highest standards in the world."† There have also been calls for the US to adopt similar rules. Indeed, certain US state rules have been described as similar to some of the EU rules.
Any processing of personal data in the context of the activities of an establishment of a controller or a processor organization in the EU should be carried out in accordance with the GDPR, regardless of whether the processing itself takes place within the EU.‡
To ensure that persons are not deprived of protection, the processing of personal data of individual data subjects who are in the EU by a controller or a processor not established in the EU is subject to the GDPR where the processing is related to offering goods or services to such individual data subjects (irrespective of a payment).§
Processing of personal data of individual data subjects who are in the EU by a controller or processor not established in the EU should also be subject to the GDPR when it is related to the monitoring of the behavior of such individual data subjects (including tracking and profiling) insofar as their behavior takes place within the EU.*
The GDPR also provides a one-stop-shop mechanism, so that an organization with establishments in several member states deals with a single lead supervisory authority rather than with a separate authority in each. "Businesses will only have to deal with one single [data protection] supervisory authority. This is estimated to save €2.3 billion per year."† This will facilitate US–EU business and organizations doing business with the EU.
Comparable Analysis Beneficial
All US organizations operating in or targeting the EU or receiving EU data need to be aware of and compliant with EU data protection rules. Even if not directly applicable to certain US organizations (e.g., not operating in or targeting the EU or receiving EU data), it is still beneficial to consider the EU data protection regime. The nature of these rules means that they apply generally and across the board to all EU personal data. In the US, comparable rules do not apply wholesale, but rather are limited to specific sectors or specific sectoral types of personal data, for example health data, genomic data, financial data, data involved in certain types of data breaches, and so on. The EU rules are general, wide, and all-encompassing. The US rules are limited and case specific—thus naturally leaving many gaps. How the EU regime deals with data in areas not yet expressly covered in the US can be insightful, instructive, or of assistance to organizations, officers within organizations responsible for dealing with personal data, and external advisors. It is also useful to review and compare how the EU deals with issues that also arise and are of concern in the US.
Pre-Problem-Solving Works in EU and US
While there is a long history and evolution of data protection concerns, the current increase in security incidents, hacking, data breaches, and data loss brings data protection issues to the fore. When things go wrong, there can be litigation, lost sales, customer drop-off, diminished goodwill and brand reputation, and so on, with direct, tangible financial effects. Corporate officers and even managing directors are in the spotlight in ways that have not occurred before; sometimes they can be sued. There are increasing examples of corporate officers and managing directors losing their positions for not adequately dealing with or preventing data breaches.
The EU data protection regime now expressly mandates data protection by design.* This is the concept of formally considering data protection issues and implications at all stages of the development and roll out of new products and services, rather than as an add-on ...

Table of contents

  1. Cover-Page
  2. Half-Title
  3. Title
  4. Copyright
  5. Epigraph
  6. Contents
  7. Notes
  8. Abbreviations
  9. Chapter 1 Necessary to Consider EU Rules
  10. Chapter 2 US–EU Similarities, Differences, and Bridges
  11. Chapter 3 The Need for Data Protection
  12. Chapter 4 Need for Updating Data Protection
  13. Chapter 5 EU Data Protection Concepts
  14. Chapter 6 The Instruments
  15. Chapter 7 The New Rules
  16. Chapter 8 Definitions
  17. Chapter 9 Principles
  18. Chapter 10 Prior Information Conditions
  19. Chapter 11 Legitimate Processing Conditions
  20. Chapter 12 Keeping Records
  21. Chapter 13 Representatives of Controllers Not Established in EU
  22. Chapter 14 Rights of Individual Data Subjects
  23. Chapter 15 Rights of Confirmation and Right of Access
  24. Chapter 16 Right to Rectification
  25. Chapter 17 Right to Erasure and Right to Be Forgotten
  26. Chapter 18 Right to Restriction of Processing
  27. Chapter 19 Right to Object to Processing
  28. Chapter 20 Notification Obligation regarding Rectification, Erasure, or Restriction
  29. Chapter 21 Right against Automated Individual Decisions and Profiling
  30. Chapter 22 Right to Prevent Direct Marketing Processing
  31. Chapter 23 Portability
  32. Chapter 24 Outsourcing to Third-Party Data Processors
  33. Chapter 25 Children
  34. Chapter 26 Increased Penalties and Fines
  35. Chapter 27 Codes of Conduct and Certification
  36. Chapter 28 Security of Personal Data
  37. Chapter 29 Data Breaches
  38. Chapter 30 Data Protection Impact Assessment and Prior Consultation
  39. Chapter 31 Data Protection by Design
  40. Chapter 32 Data Protection as Default
  41. Chapter 33 Cross-Border Transfers of Data
  42. Chapter 34 Right to Be Informed of Third-Country Safeguards
  43. Chapter 35 Transparency
  44. Chapter 36 Health Data
  45. Chapter 37 ePrivacy
  46. Chapter 38 Courts
  47. Chapter 39 Some Specific Issues in GDPR
  48. Chapter 40 Data Protection Supervisory Authorities
  49. Chapter 41 The Data Protection Officer
  50. Appendix I: The Sources of Data Protection Law
  51. Appendix II: How to Comply with the Data Protection Regime
  52. Appendix III: General Data Protection Regulation Sections
  53. Index