The EU’s General Data Protection Regulation (GDPR) entered into force in May 2018. It is the most significant legal development in the sphere of privacy and data protection in the EU in the past 20 years. The ramifications of this new legislation are wide-ranging since they do not only affect the EU, but also every country that interacts with EU consumers. Now that the dust has settled, several questions have been raised: How does the GDPR interact with national and sectorial legislation? What triggers its extraterritorial application? How does the role of the Data Protection Officer function in practice? How should companies deal with data subject access requests? How does data breach notification work and what is the role of Supervisory Authorities in this new era?
The book addresses all of these issues and many more through an eclectic mix of academic debate and practical considerations. Its unique approach explains the theory and reasoning behind every major GDPR development, and connects them to how these provisions work in practice. The book follows a disciplined structure in accordance with the GDPR and discusses the topical debates surrounding it in the past two years. It goes on to provide an outlook of what the future of privacy in the EU will look like as regards each of these contentious and rapidly emerging areas of the law, such as cross-border data transfer, privacy litigation and privacy activism.
Nikolaos Theodorakis is a lecturer and fellow at the University of Oxford, a fellow at Stanford Law School and a practicing attorney at an international law firm. Nikolaos holds an MPhil and PhD in Law from the University of Cambridge, and has taught and conducted research at Harvard Law School and Columbia Law School. He has received awards from several bodies, including the State Council of the People’s Republic of China, the ESRC, the British Academy and the Greek Parliament.
Jan Dhont is a practicing attorney and partner at an international law firm specialising in privacy and data protection law, as well as information technology law. He has broad experience in providing privacy compliance solutions across industries ranging from pharmaceuticals to insurance and banking. Jan previously worked for the Belgian Supervisory Authority and was a researcher at the University of Namur, Belgium.
There are no separate chapters available for this publication.