Data Subject Rights Under the GDPR


Helena U Vrabec


£125, Oxford University Press



Since becoming enforceable in May 2018, the General Data Protection Regulation has attracted much attention in the legal community and the media. Every person in the country is affected directly or indirectly by this legislation, and the UK government’s efforts to monitor and control the spread of coronavirus further opened up the debate as to who should hold individuals’ personal data, what they are allowed to do with it, and what data subjects should be allowed to withhold.

This book is a detailed and surprisingly engaging summary of the GDPR and how companies try to subvert its requirements so they can continue to harvest data in order to make as much money as possible.

There is an impressive amount of case law referred to from around Europe. There are useful and practical descriptions of technical changes that large internet companies have made to comply with the regulation, and the options that users now have (but rarely use) to control the extent of their data that is harvested by those platforms. Vrabec’s approach helps illuminate what could be a very dry subject.

The key parts of the GDPR are summarised and analysed, and attention focused on how these affect the people the legislation is meant to protect, and how they affect the duties of data controllers.

The book’s cover says it gives practitioners the knowledge of how to pursue data breach claims, but I found this to be slightly misleading as this topic was not covered in any great detail. But overall, this work is a very useful analysis of the GDPR.

How long before the GDPR legislation is rolled back – now that the UK has left the EU – is a moot point but there may be a need for an updated version of the book before long.


Lee Wall is a solicitor with Irvings Law in Liverpool