This Handbook is designed to enable privacy professionals and legal functions within an organisation to quickly identify the issues that are of primary importance to that organisation, and determine how best to address those issues.
EU data protection law affects all organisations in the EU (and some organisations outside the EU—see Chapter 4). Many organisations that had few or no compliance responsibilities under the Directive have new or increased obligations under the GDPR. Because the GDPR applies across a very wide range of topics and across all business sectors, it is important for organisations to consider the topics that the GDPR covers, and the practical impact that each topic has on their respective operations.
Chapter 2: Complying with the GDPR
Chapter 3: Subject matter and scope
Chapter 4: Territorial application
Chapter 6: Data Protection Principles
Chapter 7: Lawful basis for processing
Chapter 9: Rights of data subjects
Chapter 10: Obligations of controllers
Chapter 11: Obligations of processors
Chapter 12: Impact Assessments, DPOs and Codes of Conduct
Chapter 14: Data Protection Authorities
Chapter 13: Cross-Border Data Transfers
Chapter 15: Cooperation and consistency
Chapter 16: Remedies and sanctions
Chapter 17: Issues subject to national law
Chapter 18: Relationships with other laws
