E-book: Understanding the New European Data Protection Rules

  • Format: EPUB+DRM
  • Publication date: 20-Sep-2017
  • Publisher: CRC Press
  • Language: eng
  • ISBN-13: 9781351630085
  • Price: 62,39 €*
  • * the price is final, i.e. no further discounts apply
  • This e-book is intended for personal use only. E-books cannot be returned.

DRM restrictions

  • Copying (copy/paste):

    not allowed

  • Printing:

    not allowed

  • Use:

    Digital rights management (DRM)
    The publisher has issued this e-book in encrypted form, which means that you must install special software to read it. You must also create an Adobe ID. The e-book can be read by 1 user and downloaded to up to 6 devices (all authorized with the same Adobe ID).

    Required software
    To read on a mobile device (phone or tablet), you must install this free app: PocketBook Reader (iOS / Android)

    To read on a PC or Mac, you must install Adobe Digital Editions (this is a free application made specifically for reading e-books; do not confuse it with Adobe Reader, which is probably already installed on your computer).

    This e-book cannot be read on an Amazon Kindle.

Compared to the US, European data and privacy protection rules seem draconian. The European rules apply to any enterprise doing business in the EU, and the new rules are far more stringent than the previous set. This book is a quick guide to the rules for companies, particularly US ones, that have to comply with them. Where US organizations and businesses that collect or receive EU personal data fail to comply, the bottom line can suffer from very significant official fines and penalties, as well as from litigation pursued by users, customers or representative bodies. This guide is essential for all US enterprises that directly or indirectly deal with EU personal data.

Table of contents (each entry gives the starting page and, in parentheses, the number of pages):

Notes xix
Abbreviations xxi
Chapter 1 Necessary To Consider EU Rules 1(8)
  Introduction 1(1)
  EU Data Protection Rules Are Important for US Businesses 2(2)
  Comparable Analysis Beneficial 4(1)
  Pre-Problem-Solving Works in EU and US 5(4)
Chapter 2 US-EU Similarities, Differences, And Bridges 9(14)
  Introduction 9(1)
  History 9(3)
  Similarities and Differences 12(3)
  Similarity Bridges 15(8)
Chapter 3 The Need For Data Protection 23(12)
  Introduction 23(1)
  Growing Importance of Data Protection 24(1)
  Fundamental Right 24(1)
  Digitization 25(1)
  Online Abuse 25(1)
  Benefits 26(1)
  Applies to All Organizations 27(1)
  Fines 28(1)
  Data Breach and Data Loss 28(1)
  Requirements to Report Data Breaches 29(2)
  Prosecutions 31(1)
  Proactive Official Audits 31(4)
Chapter 4 Need For Updating Data Protection 35(26)
  Introduction 35(2)
  EU Commission 37(5)
  Update and New and Enhanced Provisions 42(15)
  DPD95 Repealed 57(1)
  Conclusion 57(4)
Chapter 5 EU Data Protection Concepts 61(22)
  Introduction 61(1)
  Personal Data 61(1)
  The Parties 62(1)
  Personal Data Use and Compliance 63(1)
  Describing Data Protection 64(2)
  The Data Protection Regime 66(1)
  Outward-Facing Data Protection Compliance 67(2)
  Inward-Facing Data Protection Compliance 69(4)
  A Rights-Based Regime 73(1)
  National Data Protection Supervisory Authorities 74(1)
  Data Protection Rules Introduced 74(2)
  Data Protection Concepts 76(2)
  General Criteria for Data Processing 78(1)
  Legitimate Processing 79(1)
  Definitions 79(4)
Chapter 6 The Instruments 83(16)
  Introduction 83(1)
  Data Protection Laws 83(1)
  Legal Instruments 83(1)
  General Provisions in the DPD95 84(1)
  General Provisions in the GDPR 85(1)
  Data Protection Principles 86(2)
  Legitimate Data Processing Conditions for Lawfulness of Processing 88(1)
  GDPR Background Recitals 89(5)
  Consent Conditions 94(1)
  Freely Given Consent 94(1)
  Consent for Processing: Conditions for Consent 95(1)
  Withdrawing Consent 96(1)
  Conclusion 96(3)
Chapter 7 The New Rules 99(12)
  Introduction 99(1)
  Repeal of DPD95 100(1)
  Context of GDPR 100(1)
  Fundamental Right 101(1)
  Formal Nature of Regulations and Directives 101(1)
  Introducing the New GDPR Changes 102(2)
  Processing of Criminal Convictions and Offenses Data 104(1)
  Processing Not Requiring Identification 104(1)
  Controllers and Processors 104(1)
  Responsibility of the Controller 105(1)
  Joint Controllers 105(1)
  Processor 106(1)
  Processing under Authority of Controller and Processor 106(1)
  Processing Not Allowing Identification 106(1)
  Exemptions 106(2)
  Conclusion 108(3)
Chapter 8 Definitions 111(20)
  Introduction 111(1)
  Categories of Personal Data 111(1)
  General Personal Data 112(1)
  Sensitive Personal Data 112(3)
  Data Protection Definitions 115(1)
  New Definitions in GDPR 115(5)
  Restriction of Processing 115(1)
  Profiling 116(1)
  Pseudonymization 116(1)
  Personal Data Breach 116(1)
  Genetic Data 116(1)
  Biometric Data 116(1)
  Data Concerning Health 117(1)
  Main Establishment 117(1)
  Enterprise 117(1)
  Group of Undertakings 117(1)
  Binding Corporate Rules 118(1)
  Data Protection Supervisory Authority 118(1)
  Supervisory Authority Concerned 118(1)
  Data Protection Supervisory Authority 118(1)
  Cross-Border Processing of Personal Data 119(1)
  Relevant and Reasoned Objection 119(1)
  Information Society Service 119(1)
  International Organization 119(1)
  Child 120(1)
  Updated Definitions in the GDPR 120(7)
  Personal Data 120(1)
  Sensitive Personal Data 120(1)
  Background Guidance 121(1)
  Legal Rule 122(2)
  Data Subject 124(1)
  Processing 125(1)
  Filing System 125(1)
  Controller 125(1)
  Processor 126(1)
  Recipient 126(1)
  Third Party 126(1)
  Data Subject's Consent 126(1)
  Representative 127(1)
  Relevant Filing System 127(1)
  Conclusion 127(4)
Chapter 9 Principles 131(12)
  Introduction 131(1)
  Background Guidance on Lawful, Fair, Transparent 132(4)
  Data Protection Principles 136(4)
  Processor 140(1)
  How to Collect and Process Personal Data 140(1)
  Conclusion 140(3)
Chapter 10 Prior Information Conditions 143(8)
  Introduction 143(1)
  The General Data Protection Regulation (GDPR) Changes 143(2)
  Prior Information Requirements: Directly Obtained Data 145(1)
  Prior Information Requirements: Indirectly Obtained Data 146(2)
  Timing of Information 148(1)
  Conclusion 149(2)
Chapter 11 Legitimate Processing Conditions 151(8)
  Introduction 151(1)
  Lawfulness of Processing: General Legitimate Processing Conditions 152(2)
  Lawfulness of Processing: Sensitive Personal Data Legitimate Processing Conditions 154(2)
  Conclusion 156(3)
Chapter 12 Keeping Records 159(6)
  Introduction 159(1)
  Liability and Measures to Demonstrate Compliance 159(1)
  Maintaining Records 159(2)
  Records Requirement 161(1)
  The Principles' Record Requirements 162(1)
  Cooperation with the Data Protection Supervisory Authority 163(1)
  Conclusion 163(2)
Chapter 13 Representatives Of Controllers Not Established In EU 165(4)
  Introduction 165(1)
  Representatives/Non-EU Controllers 165(2)
  Background Guidance 165(1)
  Article Requirement 166(1)
  Conclusion 167(2)
Chapter 14 Rights Of Individual Data Subjects 169(10)
  Introduction 169(1)
  Recipients of Rights 170(1)
  Issues 170(2)
  Background Guidance 172(1)
  Legal Rules and Rights 173(4)
  Conclusion 177(2)
Chapter 15 Rights Of Confirmation And Right Of Access 179(12)
  Introduction 179(1)
  Right of Confirmation 179(3)
  Background Guidance 180(1)
  Legal Rule 181(1)
  Right of Access 182(7)
  Background Guidance 183(1)
  Legal Rule 184(1)
  Access: What Must Be Supplied 185(1)
  Time Limits for Access 185(1)
  Making Request for Access 185(1)
  Dealing with Access Requests 186(1)
  Response to Access Requests 187(1)
  Possible Access Exceptions and Issues 188(1)
  Conclusion 189(2)
Chapter 16 Right To Rectification 191(6)
  Introduction 191(1)
  Background Guidance 191(2)
  Legal Rule 193(1)
  Conclusion 194(3)
Chapter 17 Right To Erasure And Right To Be Forgotten 197(12)
  Introduction 197(1)
  Background Guidance 197(3)
  Legal Rule 200(5)
  Conclusion 205(4)
Chapter 18 Right To Restriction Of Processing 209(4)
  Introduction 209(1)
  Background Guidance 209(1)
  Background Guidance on Methods to Restrict Processing 210(1)
  Legal Rule 211(1)
  Conclusion 211(2)
Chapter 19 Right To Object To Processing 213(6)
  Introduction 213(1)
  Background Guidance 213(2)
  Legal Rule 215(2)
  Conclusion 217(2)
Chapter 20 Notification Obligation Regarding Rectification, Erasure, Or Restriction 219(2)
  Introduction 219(1)
  Legal Rule 219(1)
  Conclusion 219(2)
Chapter 21 Right Against Automated Individual Decisions And Profiling 221(4)
  Introduction 221(1)
  Background Guidance on Profiling 222(1)
  Legal Rule 222(1)
  Conclusion 223(2)
Chapter 22 Right To Prevent Direct Marketing Processing 225(4)
  Introduction 225(1)
  Background Guidance 225(1)
  Legal Rule 226(1)
  Conclusion 226(3)
Chapter 23 Portability 229(4)
  Introduction 229(1)
  Background Guidance on Automated Processing and Portability 229(1)
  Legal Rule 230(1)
  Conclusion 231(2)
Chapter 24 Outsourcing To Third-Party Data Processors 233(10)
  Introduction 233(1)
  Background Guidance 234(2)
  Legal Rule 236(1)
  Processing under Authority 237(1)
  Processors and Security 238(1)
  New Processor Requirements 238(1)
  Controller Records 239(1)
  Processor Records 240(1)
  Conclusion 241(2)
Chapter 25 Children 243(8)
  Introduction 243(1)
  Background Guidance 244(1)
  Children Merit Specific Protection 244(1)
  Transparency and Children 245(1)
  Legal Rules 245(4)
  Age 245(2)
  No Legitimate Interest Processing of Personal Data of Child 247(1)
  Child's Consent and Conditions for Information Society Services 247(1)
  Transparency and Children 248(1)
  Codes of Conduct and Certification 248(1)
  Data Protection Supervisory Authority 249(1)
  Conclusion 249(2)
Chapter 26 Increased Penalties And Fines 251(12)
  Introduction 251(1)
  Background Guidance 251(2)
  Fines of Ten Million 253(1)
  Fines of Twenty Million 254(1)
  Fines for Non-Compliance with Data Protection Supervisory Authority Order 254(2)
  Impact 256(1)
  General Conditions for Imposing Administrative Fines 257(2)
  Penalties 259(1)
  Enforcement 260(1)
  Conclusion 260(3)
Chapter 27 Codes Of Conduct And Certification 263(8)
  Introduction 263(1)
  Background Guidance: Codes of Conduct 263(1)
  Codes of Conduct 263(2)
  Monitoring Approved Codes of Conduct 265(1)
  Details of Codes of Conduct 266(2)
  Certification Seals and Marks 268(1)
  Background Guidance 268(1)
  Legal Rule 268(2)
  Conclusion 270(1)
Chapter 28 Security Of Personal Data 271(34)
  Introduction 271(1)
  Background Guidance 272(5)
  Risk and Damage 272(2)
  Breaches 274(1)
  Risk Evaluation 275(1)
  High Risks 275(1)
  Risk and Damage 276(1)
  Legal Rule: Appropriate Security Measures 277(5)
  Notification of Data Breach to Data Protection Supervisory Authority 282(1)
  Communication of Personal Data Breach to Data Subject 283(1)
  Data Protection Impact Assessment 284(2)
  Prior Consultation 286(1)
  Ensuring Appropriate Security Measures 287(1)
  Employees and Security 288(1)
  Engaging Processors and Security Issues 289(2)
  Legislative Data Protection Reviews 291(1)
  Specific Public Interest Prior Consultations 291(1)
  Security Directive 291(1)
  Security Awareness 292(1)
  Data Protection Supervisory Authorities Guides 292(2)
  Security and Article 29 Data Protection Working Party (WP29)/EDPB 294(1)
  Organizational Security Awareness 295(4)
  Identifying and Controlling Organizational IT Security 295(1)
  Appraising Employees 296(1)
  General Policy 297(1)
  Email 297(1)
  Internet Access 297(1)
  Mobile Telephones and Devices 297(1)
  Vehicles 297(1)
  Internet Social Media 298(1)
  Software Installation and Management 298(1)
  Password Security 298(1)
  Connecting Hardware 298(1)
  Remote Access 298(1)
  Bring Your Own Device (BYOD) 299(1)
  Organizational Security Measures 299(1)
  Breach Laws to Consider 300(1)
  Third-Party Security Providers 301(1)
  Disposal of Computer Hardware 302(1)
  Conclusion 303(2)
Chapter 29 Data Breaches 305(10)
  Introduction 305(1)
  Data Breach Incidents in Context 305(1)
  Background Guidance 306(1)
  Data Breach 306(1)
  Notifying Data Breach to Individual Data Subjects 306(1)
  Notifications and Measures re Data Breaches 307(1)
  Legal Rule 307(3)
  Notification of a Data Breach to Data Protection Supervisory Authority 307(2)
  Communication of a Data Breach to the Data Subject 309(1)
  Employee Data Breaches 310(1)
  Notification Timelines 310(1)
  Notification Processes 310(1)
  Security Standards 310(2)
  Incident Response 312(1)
  Conclusion 312(3)
Chapter 30 Data Protection Impact Assessment And Prior Consultation 315(14)
  Introduction 315(1)
  Background Guidance 315(3)
  High Risks 315(1)
  Data Protection Impact Assessment 316(2)
  Legal Rule 318(3)
  Reasons for Assessments 321(2)
  Assessment Reports 323(1)
  Assessment Characteristics 323(2)
  Steps and Methodologies 325(1)
  Prior Consultation and Risk 326(1)
  Conclusion 327(2)
Chapter 31 Data Protection By Design 329(8)
  Introduction 329(1)
  Background 329(1)
  Principles of Data Protection by Design 330(1)
  Legal Rule: Data Protection by Design 331(2)
  Conclusion 333(4)
Chapter 32 Data Protection As Default 337(4)
  Introduction 337(1)
  Legal Rule 337(1)
  Assessments 337(2)
  Certification 339(1)
  Conclusion 339(2)
Chapter 33 Cross-Border Transfers Of Data 341(30)
  Introduction 341(1)
  Background Guidance 342(7)
  Cross-Border Flows 342(1)
  Transfer Agreements and Mechanisms 343(6)
  Legal Rule 349(1)
  Permitting Transfers via Adequacy Decision 350(2)
  Adequate Protection Exception 352(1)
  Transfers via Appropriate Safeguards 353(1)
  Creating Adequacy through Consent, Contract 354(1)
  Transfers via Binding Corporate Rules (BCRs) 355(4)
  Transfers or Disclosures Not Authorized by EU Law 359(1)
  Transfers via Derogations for Specific Situations 359(2)
  Exceptions 361(1)
  Issues 362(1)
  Establishing Whether the Ban Applies 363(2)
  Schrems, EU-US Safe Harbor, and EU-US Privacy Shield 365(3)
  Conclusion 368(3)
Chapter 34 Right To Be Informed Of Third-Country Safeguards 371(4)
  Introduction 371(1)
  Background Guidance 371(2)
  Legal Rule 373(1)
  Conclusion 374(1)
Chapter 35 Transparency 375(10)
  Introduction 375(1)
  Background Guidance 375(5)
  Legal Rule 380(3)
  Conclusion 383(2)
Chapter 36 Health Data 385(8)
  Introduction 385(1)
  Health-Related Definitions 385(2)
  Data Concerning Health 385(1)
  Genetic Data 386(1)
  Biometric Data 386(1)
  Pseudonymization 386(1)
  Profiling 387(1)
  Legal Rule: Special Data 387(1)
  Health Research 388(1)
  Right to Be Forgotten Exception 389(1)
  Conclusion 390(3)
Chapter 37 ePrivacy 393(20)
  Introduction 393(1)
  Background 394(2)
  DPD95 and ePD 396(1)
  Scope of ePD 396(4)
  Security 397(1)
  Confidentiality 398(1)
  Traffic Data 399(1)
  Non-Itemized Billing 399(1)
  Call Line Identification 399(1)
  Location Data 400(1)
  Directories 400(1)
  Unsolicited Communications, Direct Marketing, and Spam 400(6)
  The Spam Problem 402(1)
  Spam Internationally 402(1)
  Unsolicited Communications 402(1)
  Marketing Default Position 403(1)
  Limited Direct Marketing Permitted 404(1)
  Direct Marketing to Existing Customers' Email 404(1)
  National Marketing Opt-Out Registers 405(1)
  Deceptive Emails: Marketing Emails Must Not Conceal Identity 405(1)
  Marketing Emails Must Provide Opt-Out 405(1)
  Marketing Protection for Organizations 406(1)
  ePrivacy Regulation Proposal 406(1)
  Conclusion 407(6)
Chapter 38 Courts 413(16)
  Introduction 413(1)
  Civil Sanctions 414(2)
  Background Guidance 416(3)
  New GDPR Remedies, Legal Rules, Damage, and Compensation 419(1)
  Right to Effective Judicial Remedy against Controller or Processor 420(1)
  Right to Compensation and Liability 420(2)
  Right to Lodge Complaint with Data Protection Supervisory Authority 422(1)
  Right to an Effective Judicial Remedy against a Data Protection Supervisory Authority 422(1)
  Representation of Data Subjects 423(1)
  Organizational Privacy Groups 424(1)
  Background Guidance on Representative Data Subject Organizations 424(1)
  Jurisdiction Issues 425(3)
  Controller or Processor in EU 425(1)
  Controller or Processor Not in EU 425(1)
  Monitoring 426(1)
  Jurisdiction, Main Establishment, Groups 426(2)
  Investigation and Evidence 428(1)
  Conclusion 428(1)
Chapter 39 Some Specific Issues In GDPR 429(12)
  Introduction 429(1)
  Specific Data Processing Situations 429(1)
  Employment Data 430(1)
  Processing National Identification Numbers 431(1)
  Public Authorities 431(1)
  Processing and Freedom of Expression and Information 431(1)
  Safeguards and Derogations: Public Interest Archiving/Scientific or Historical Research/Statistical Processing 432(4)
  Background Guidance 432(3)
  Legal Rule 435(1)
  Obligations of Secrecy 436(1)
  Churches and Religious Associations 437(1)
  eCommerce Directive 437(1)
  General Registration/Notification Requirement Removed 437(1)
  Conclusion 438(3)
Chapter 40 Data Protection Supervisory Authorities 441(16)
  Introduction 441(1)
  Data Protection Supervisory Authorities 441(1)
  Tasks 442(2)
  Investigative Powers 444(1)
  Corrective Powers 445(1)
  Authorization and Advisory Powers 446(1)
  Independence 447(2)
  Cooperation with National Data Protection Supervisory Authorities 449(1)
  Enforcement Powers of Data Protection Supervisory Authority 449(1)
  Investigations by National Data Protection Supervisory Authorities 449(1)
  Power to Obtain Information 450(1)
  Power to Enforce Compliance with the Data Protection Laws 450(1)
  Power to Prohibit Overseas Transfer of Personal Data 450(1)
  Powers of Authorized Officers to Enter and Examine 451(1)
  Prosecution of Offenses 451(1)
  Notifying Data Breach to Data Protection Supervisory Authority 452(1)
  European Data Protection Board 452(1)
  Background Guidance 452(1)
  Legal Rule 453(1)
  Conclusion 453(4)
Chapter 41 The Data Protection Officer 457(10)
  Introduction 457(1)
  New Data Protection Officers 457(2)
  Position 459(1)
  Article 39 Tasks 459(2)
  Group Data Protection Officer 461(1)
  Qualifications and Expertise 461(1)
  Contact Details 461(1)
  Duty of Confidentiality 462(1)
  Reporting 462(1)
  Independent in Role and Tasks 462(1)
  Resources 462(1)
  Data Protection by Design and Data Protection by Default 463(1)
  Conclusion 464(3)
Appendix I: The Sources Of Data Protection Law 467(20)
Appendix II: How To Comply With The Data Protection Regime 487(4)
Appendix III: General Data Protection Regulation Sections 491(8)
Index 499

Paul Lambert, BA, LLB, LLB, CTMA, PhD, lawyer, consultant and adjunct lecturer, is a leading authority on European data protection regulations and the author of various books on data protection, the internet, social media and courtroom broadcasting, including The Laws of the Internet (4th edition), International Handbook of Social Media Laws, A User's Guide to Data Protection and Television Courtroom Broadcasting Effects: The Empirical Research and the Supreme Court Challenge (University Press of America). He has published many articles in professional, trade and academic journals, including the European Intellectual Property Review. He speaks regularly at conferences and events across Europe and Asia on data protection, the internet, intellectual property, information technology and courtroom broadcasting, and is frequently interviewed in national and international media such as the Sunday Times.