Table of Contents
Abbreviations xix
Table of Legislation xxi
Table of Statutory Instruments xxiii
Table of European/International Legislation xxv
WP29/EDPB xxvii
Table of Cases xxix
Part 1 Data Protection
1 Data Protection 3
2 The Definitions of Data Protection 39
3 Instruments of Data Protection 55
4 Data Protection Principles 69
5 Processing Pre-Conditions: The Prior Information Requirements 75
6 Legitimate Processing Conditions 85
7 Exemptions 91
8 Individual Data Subject Rights 105
9 Notification and Registration 135
10 Enforcement and Penalties for Non-Compliance 139
11 Security of Personal Data 175
12 Outsourcing and Processors 205
Part 2 The New Data Protection Regime
13 The New Data Protection Regime Introduced 219
14 Background and Context 235
15 Rules and Issues 271
16 Reaction to New Regulation 301
17 The New Regime in Details 309
18 New Data Protection Officer 351
19 Security and Data Breach 359
20 Data Protection Impact Assessment 365
21 Privacy by Design, Data Protection by Design, Data Protection as Default 375
Part 3 Organisations and Inward-Facing Obligations
22 Processing Employee Personal Data 383
23 Employee Data Protection Rights 411
24 Employee Considerations 425
25 Case Studies 447
Part 4 Organisations and Outward-Facing Obligations
26 Outward-Facing Issues 499
27 Outward-Facing Rights 519
28 Outward-Facing Data Protection by Design and by Default 523
29 ePrivacy and Electronic Communications 533
30 Cookies and Electronic Communications 549
31 Electronic Direct Marketing and Spam 553
32 Cross-Border Transfers of Personal Data 563
33 Case Studies 587
Part 5 New Issues
34 New Issues 607
Appendices 613
Reference 613
Legislation 613
Resources 615
Index 631