Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction (GDPR, Art. 4(2)).
Published in Chapter:
Revisiting the Basics of EU Data Protection Law: On the Material and Territorial Scope of the GDPR
Dimosthenis Lentzis (Aristotle University of Thessaloniki, Greece)
Copyright: © 2020
|Pages: 15
DOI: 10.4018/978-1-5225-9489-5.ch002
Abstract
It is often said that the EU General Data Protection Regulation (GDPR) has a much broader material and territorial scope than the EU Data Protection Directive it has recently replaced. This chapter tries to find out if (and, if so, to what extent) this assumption is correct. To this end, it analyzes, in the light of the existing case-law of the Court of Justice of the EU, the relevant provisions of the GDPR, namely Articles 2 and 3. It comes out that the GDPR has a slightly different (but not necessarily broader) material scope and a broader (but not as broad as one would expect) territorial scope than the old EU Data Protection Directive.