Testing governance and its regulatory techniques against some of the GDPR provisions

The paper follows a three-layered concentric perspective: starting with governance at large, then moving on to EU governance, and ending with an examination of a more focused domain shaped by the European Data Protection Regulation. This concentric and layered perspective, which shifts from global governance to the European level and within the latter shifts to sector-specific competence (data protection), smoothens the path towards an understanding of the channels in which governance processes have interfered with both public law procedures and legal sources.
In this regard, the GDPR is one of the principal manifestations of the measures adopted by the legislator to capture certain governance procedures, as well as their regulatory outcomes, which similarly emerge at the global and European levels (according to the description provided in the first and second layer of the analysis). As such, it intends to reverse the path: from being captured to “capturing” the regulated entities as well as their modus operandi; from being governed by governance to “steering” existing governance processes. In this sense, it tries to convert governance threats into procedural and regulatory opportunities in order to keep pace with rapid technological changes and fading territorial boundaries, offering a bedrock for the better protection of fundamental rights.