What the GDPR Requires of and Leaves to the Member States

Resource Center / White Papers / What the GDPR Requires of and Leaves to the Member States

What the GDPR Requires of and Leaves to the Member States

This white paper explores the legislative actions the GDPR requires member states to take, and the optional powers available to them to create exceptions and to to clarify GDPR rules.

Published: April 2018

Contributor:

Müge Fazlioglu

Click to View (PDF)

This IAPP white paper is divided broadly into two sections: The first explores the legislative actions that the GDPR requires member states to take, while the second examines the optional powers and authority available to them to carve out exceptions for or to clarify the GDPR’s rules.

This distinction is derived from the division between what the member states “shall” and “may” do within the articles of the GDPR. These cover such areas as the processing of sensitive data; data processing in the context of employment; conducting DPIAs; appropriate safeguards for data protection for archiving purposes in the public interest, scientific or historical research, or statistical purposes; access rights; automated decision-making and profiling; and data protection officers.

ResourceCenter

All the tools and information you need in one easy-to-find place

What the GDPR Requires of and Leaves to the Member States

What the GDPR Requires of and Leaves to the Member States

What the GDPR Requires of and Leaves to the Member States

What the GDPR Requires of and Leaves to the Member States

Related Stories

CCPA Compliance Operation: Delivering Data Access via Accounts

White Paper – Succeeding at the Intersection of Security and Privacy

Google Chrome Privacy White Paper