Our panellists summarised the key facts and findings of 13 recent cases and how they impact key GDPR definitions, including the interpretation of 'personal data', 'data controller', 'data concerning health' and what amounts to 'processing' of personal data. We also discussed the impact these cases have on the determination of compensation awards, damages, data subject rights requests, lawful bases and conducting data protection impact assessments.
Overall, this session provided our attendees with a clearer understanding of the interpretation of various provisions of the GDPR. A key reminder for our audience was the importance of considering the purposive approach that the CJEU takes when interpreting laws, so that the GDPR achieves its intended effect, as well as the importance of implementing enhanced security measures to ensure protection of personal data.
Our next Breakfast Briefing will take place in London on a date in September that is yet to be announced. This session will be an exciting and interactive mock trial that concerns a security breach and will take our audience through cross-examination of witnesses – it's definitely not one to be missed!
If you are interested in attending this and future events at the forefront of data protection and cyber security discourse, please register your interest with one of our team, or send us an email at dpcs@dwf.law.
The recent cases that we covered include: C-755/21 P Kočner v EUROPOL; C-740/22 Endemol Shine Finland; C-604/22 IAB Europe; C46/23 Újpesti Polgármesteri Hivatal; C-61/22 RL v Landeshauptstadt Wiesbaden; C-768/21 TR v Land Hessen; C-741/21 GP v juris GmbH; C-21/23 Lindenapotheke; C-446/21 Maximilian Schrems v Facebook Ireland Ltd; C-200/23 Agentsia po vpisvaniyata; C-169/23 Másdi; C 182/22, C 189/22 Scalable Capital; C 590/22 PS (Adresse erronnee).
