This guide summarises key aspects of the GDPR and highlights the most important actions which organisations should take in seeking to comply with it. We have divided our summary into sections which broadly follow those used by the GDPR, sub-divided into themes. Each sub-section. starts with a speed-read summary and a list of suggested priority action points. We have also included a blue tab in each sub-section to guide you to where you can find relevant source material within the GDPR. We have also included details of key guidance materials published by European regulators who form the European Data Protection Board (“EDPB”) (and its predecessor the Article 29 Working Party). We finalised the updates to this guide in December 2023 – by which date, we had seen a significant number of cases from the Court of Justice of the European Union (“CJEU”) analysing the GDPR. We have referenced these cases throughout the guide. The European Union is also pursuing an ambitious digital agenda with multiple pieces of new legislation, which now complement the GDPR. We have indicated how the Digital Markets Act, Digital Services Act, Data Act, Data Governance Act and the NIS2 Directive need to be read alongside the GDPR. Although there is now also political agreement on the Al Act, as at the date of writing this introduction, there is no agreed text, so we have not (yet) included pointers to overlap with the Al Act. We will continue to update this guide to take account of new cases, guidance and legislation. If you would like to receive updates from us, please let us know. In the meantime, we hope that you will find this guide useful.
Views: 10
