European Data Protection - IAPP


Below is an outline of "European Data Protection" by the IAPP. If you’re a member, you can log in to our Digital Library and view it in your browser using the email address you signed up with. Note that only members can log in.

  • Click HERE to log in to the library (Members only).
  • Folder: Books and Guides > Privacy Docs

If you are having issues logging in, please check the following help guide, HERE.



  • About the IAPP
  • Acknowledgments
  • Introduction


Chapter 1: Origins and Historical Context of Data Protection Law

1.1 Rationale for data protection

1.2 Human rights law

1.3 Early laws and regulations

1.4 The need for a harmonised European approach

1.5 The Treaty of Lisbon

1.6 The General Data Protection Regulation

1.7 Related Legislation


Chapter 2: European Union Institutions

2.1 Background

2.2 European Parliament

2.3 European Council

2.4 Council of the European Union

2.5 European Commission

2.6 Court of Justice of the European Union

2.7 European Court of Human Rights


Chapter 3: Legislative Framework

3.1 Background

3.2 The Council of Europe Convention

3.3 The Data Protection Directive

3.4 The General Data Protection Regulation

3.5 The Law Enforcement Data Protection Directive

3.6 The Privacy and Electronic Communications Directive

3.7 The Data Retention Directive

3.8 Impact on member states



Chapter 4: Data Protection Concepts

4.1 Introduction

4.2 Personal data

4.3 Sensitive personal data

4.4 Controller and processor

4.5 Processing

4.6 Data subject

4.7 Conclusion


Chapter 5: Territorial and Material Scope of the General Data Protection Regulation

5.1 Introduction

5.2 Territorial scope

5.3 Material scope of regulation

5.4 Conclusion


Chapter 6: Data Processing Principles

6.1 Introduction

6.2 Lawfulness, fairness and transparency

6.3 Purpose limitation

6.4 Data minimisation

6.5 Accuracy

6.6 Storage limitation

6.7 Integrity and confidentiality

6.8 Conclusion


Chapter 7: Lawful Processing Criteria

7.1 Background

7.2 Processing personal data

7.3 Processing sensitive data

7.4 Data on offences, criminal convictions and offences and security measures

7.5 Processing which does not require identification

7.6 Conclusion


Chapter 8: Information Provision Obligations

8.1 The transparency principle

8.2 Exemptions to the obligation to provide information to data subjects

8.3 The requirements of the ePrivacy Directive

8.4 Fair processing notices

8.5 Conclusion


Chapter 9: Data Subjects’ Rights

9.1 Background

9.2 The modalities—to whom, how and when

9.3 The general necessity of transparent communication

9.4 Right to information (about personal data collection and processing)

9.5 Right of access

9.6 Right to rectification

9.7 Right to erasure (‘right to be forgotten’)

9.8 Right to restriction of processing

9.9 Right to data portability

9.10 Right to object

9.11 Right to not be subject to automated decision-making

9.12 Restrictions of data subjects’ rights

9.13 Conclusion

European Data Protection: Law and Practice


Chapter 10: Security of Personal Data

10.1 Background

10.2 The security principle and the risk-based approach

10.3 Notification and communication of personal data breaches

10.4 Delivering on security

10.5 Incident response

10.6 Conclusion


Chapter 11: Accountability Requirements

11.1 Introduction and background

11.2 Responsibility of the controller

11.3 Data protection by design and by default

11.4 Documentation and cooperation with regulators

11.5 Data protection impact assessment

11.6 Data protection officer

11.7 Other accountability measures—Binding Corporate Rules

11.8 Conclusion


Chapter 12: International Data Transfers

12.1 Introduction: limitations affecting international data transfers

12.2 Scope of data transfers

12.3 Meaning of an ‘adequate level of protection’

12.4 Procedure to designate countries with adequate protection

12.5 The situation in the United States

12.6 Providing adequate safeguards

12.7 Data transfers within a multinational corporate group—Binding Corporate Rules

12.8 Relying on derogations

12.9 The future of the restrictions on international data transfers


Chapter 13: Supervision and Enforcement

13.1 Introduction

13.2 Self-regulation

13.3 Regulation by the citizen

13.4 Administrative supervision and enforcement

13.5 Competence and international cooperation

13.6 Sanctions and penalties

13.7 The Law Enforcement Data Protection Directive

13.8 Regulation supervision and enforcement—key provisions

13.9 Conclusion



Chapter 14: Employment Relationships

14.1 Employee data

14.2 Legal basis for processing employee personal data

14.3 Processing sensitive employee data

14.4 Providing notice

14.5 Storage of personnel records

14.6 Workplace monitoring and data loss prevention

14.7 Works councils

14.8 Whistle-blowing schemes

14.9 Bring your own device


Chapter 15: Surveillance Activities

15.1 Introduction

15.2 Technology

15.3 Regulating surveillance

15.4 Communications data

15.5 Video surveillance

15.6 Biometric data

15.7 Location data

15.8 Conclusion


Chapter 16: Direct Marketing

16.1 Data protection and direct marketing

16.2 Postal marketing

16.3 Telephone marketing

16.4 Marketing by electronic mail, including email, SMS and MMS

16.5 Fax marketing

16.6 Location-based marketing

16.7 Online behavioural advertising

16.8 Enforcement

16.9 Conclusion


Chapter 17: Internet Technology and Communications

17.1 Introduction

17.2 Cloud computing

17.3 Cookies, similar technologies and IP addresses

17.4 Search engines

17.5 Social networking services

17.6 Applications on mobile devices

17.7 Internet of Things

17.8 Conclusion


Chapter 18: Outsourcing

18.1 Introduction

18.2 The roles of the parties

18.3 Data protection obligations in an outsourcing contract

18.4 The German case

18.5 Offshoring and international data transfers

18.6 Conclusion


About the Contributors



Next steps:

This article was contributed by Jason Jacobs from Guyana. Jason is a member of the Caribbean CSPA. 

