It is difficult to overstate the importance of the GDPR. First, it is very wide-ranging, and will impact almost every organisation that is based in the EU, as well as every organisation that does business in the EU, even if based abroad.
Second, the GDPR is extremely serious. For too long, EU legislators and DPAs have felt that organisations do not take their data protection responsibilities seriously enough, and so the GDPR dramatically increases the maximum penalties for non-compliance to the greater of €20 million, or four percent of worldwide turnover: numbers that are specifically designed to attract C-Suite attention.
Third, the GDPR raises the bar for compliance significantly. It requires greater openness and transparency; it imposes tighter limits on the use of personal data; and it gives individuals more powerful rights to enforce against organisations. Satisfying these requirements will prove to be a serious challenge for many organisations.
Enforcement of the GDPR is coming soon, and organisations need to be ready.
Because the GDPR applies across a very wide range of topics and across all business sectors, it is important for organisations to consider the topics that the GDPR covers, and the practical impact that each topic will have on their respective operations. This Handbook is designed to enable privacy professionals and legal functions within an organisation to quickly identify the issues that are of primary importance to that organisation, and determine how best to address those issues.
In light of the fundamental changes that the GDPR will bring about, an important feature of this Handbook is the comparison between the requirements of the Directive and the GDPR, respectively. By illustrating the differences and similarities between the Directive and the GDPR, this Handbook provides organisations with clear guidance on which compliance requirements change, which requirements do not change, and how organisations should respond.
Structure of this Handbook
This Handbook takes a thematic approach to EU data protection law, addressing the core topics that affect organisations.
Each Chapter provides an analysis of a particular topic, incorporating the features set out below.