On March 20, 2018, the Centre for Information Policy Leadership (“CIPL”) at Hunton Andrews Kurth LLP issued a factsheet outlining relevant GDPR provisions for negotiations surrounding the proposed ePrivacy Regulation (the “Factsheet”).

The Factsheet is designed for policymakers and other stakeholders involved in the development process of the new ePrivacy Regulation who are not deeply familiar with the GDPR. As the ePrivacy Regulation aims to complement and particularize the GDPR, an understanding of the key concepts and definitions is crucial to ensure the ePrivacy Regulation’s effective development.

The Factsheet explains key GDPR terms and concepts that are pertinent to the ePrivacy Regulation, including:

  • The definitions of fundamental GDPR terms, such as personal data, data processing and the role of controllers and processors;
  • Information on the territorial scope and reach of the GDPR;
  • An outline of the six key data protection principles and the legal bases for processing;
  •  A description of the various rights of data subjects under the GDPR;
  • Information on the risk-based approach and data privacy impact assessments;
  • An explanation of privacy by design and by default, and GDPR security requirements; and
  • Information on the concept of the lead supervisory authority, remedies and sanctions.

Also included is an annex of the most relevant GDPR recitals and provisions.

To read more about the concepts outlined above and the other relevant GDPR provisions relating to the proposed ePrivacy Regulation, view the full Factsheet.