Each manager of a department, or a specific responsibility, must assess the data issues and risks as are relevant to their individual department. The manager must assess what data exists; whether it is permitted for use; filter out (including deletion of) data that is over-broad or otherwise not permitted; and ensuring procedures to identify and eliminate processes that open up the risk of future unjustified data collections. While other agents of the company or organisation will have responsibilities in relation to data protection compliance, the manager of a department must also engage in best practices that focus on the data protection obligations of the department. Data protection compliance requires not just adherence to specific data protection legal provisions, but a full understanding of what data exists in the department, company or organisation, where it is located and for what purpose. The personnel manager needs to be satisfied that all of the internal personnel records are fully data protection complaint. Just one of the dangers is that these issues are not addressed in appropriate reviews, contracts and policies. Another risk gap is that there may be policies, etc., but the manager omitted to appropriately include other non full time employees, such as those whom may be contractors, temporary staff, interns, or family members. The marketing manager needs to be satisfied that all of the current and proposed marketing activities, customer lists, and user lists are all compliant with the new data protection rules. Organisations should have undergone an A - Z review of data protection compliance in the lead up to the new EU General Data Protection Regulation (GDPR) go-live date. In many organisations there will be many activities and actions which carried over from the GDPR review. These need to continue to be actioned. In addition, there is also a new Data Protection Act 2018 to consider. Organisations should also have appointed a new Data Protection Officer (DPO) to assist in these efforts and to be the official point of contact internally and externally (for data protection supervisory authorities and for customers and users). Critically, all Managers need to be aware of data protection compliance and related issues within their own Department. The Manager has duties and responsibilities. The Manager cannot simply assume that someone else will do it, or that all data protection issues for their Department are already being dealt with by the DPO or some other Department.

Since the entry into force of the Lisbon Treaty, data protection has been elevated to the status of a fundamental right in the European Union and is now enshrined in the EU Charter of Fundamental Rights alongside the right to privacy. This timely book investigates the normative significance of data protection as a fundamental right in the EU. The first part of the book examines the scope, the content and the capabilities of data protection as a fundamental right to resolve problems and to provide for an effective protection. It discusses the current approaches to this right in the legal scholarship and the case-law and identifies the limitations that prevent it from having an added value of its own. It suggests a theory of data protection that reconstructs the understanding of this right and could guide courts and legislators on data protection issues. The second part of the book goes on to empirically test the reconstructed right to data protection in four case-studies of counter-terrorism surveillance: communications metadata, travel data, financial data and Internet data surveillance. The book will be of interest to academics, students, policy-makers and practitioners in EU law, privacy, data protection, counter-terrorism and human rights law.

Private International Law Online is a dedicated analysis of the private international law framework in the European Union as it applies to online activities such as content publishing, selling and advertising goods through internet marketplaces, or offering services that are performed online. It provides an insight into the history of internet regulation, and examines the interplay between substantive regulation and private international law in a transaction space that is inherently independent from physical borders. Lutzi investigates the current legal framework of the European Union from two angles: first questioning how the rules of private international law affect the effectiveness of substantive legislation, and then considering how the resulting legal framework affects individual internet users. The book addresses recent judgments like the Court of Justice's controversial decision in Glawischnig-Piesczek v Facebook, and the potential consequences of global injunctions, including the adverse effects on freedom of speech and the challenges of coordinating different national laws with regard to online platforms. It also considers the European Union's new Copyright Directive, and the way private international law affects the ability of instruments such as this to create a coherent legal framework for online activities in the European Union. Based on this discussion, Lutzi advocates an alternative approach and sets out how reform might provide a more effective framework, and develops individual elements of the approach to propose new rules and how those rules might adapt to accommodate more recent phenomena and technologies.