General Data Protection Regulation (GDPR)
AT
BE
BG
HR
CY
CZ
DK
EE
FI
FR
DE
GR
HU
IE
IT
LV
LU
MT
NL
PL
PT
RO
SK
SI
ES
SE
LTOverview
The General Data Protection Regulation (GDPR) is a legal framework that governs the protection of personal data within the European Union (EU). It aims to give individuals control over their personal information while facilitating the free flow of personal data across the EU. GDPR applies to all entities processing personal data, regardless of location, if they offer goods or services to EU residents or monitor their behavior within the EU. It strengthens individual rights regarding data use and sets strict requirements for businesses processing personal data.
Regulation Summary
- Enacted: April 27, 2016
- Implementation Period: Two years
- Enforced from: May 25, 2018
- Businesses within the EU and non-EU companies targeting EU residents.
- Applies regardless of business size or sector.
- Household data use.
- Data processed for law enforcement, public interest, or research purposes.
- Appoint a Data Protection Officer (if required).
- Implement data protection by design and by default.
- Maintain processing records and perform Data Protection Impact Assessments (DPIAs).
- Obtain informed consent for cookies.
- Display clear privacy notices.
- Enable users to withdraw consent easily.
- Cross-border data transfers require adequate safeguards.
- Mandatory reporting of data breaches within 72 hours.
- Access
- Rectification
- Erasure
- Restriction
- Data
- Objection
- Authority: Supervisory authorities in each EU country.
- Fines: Up to €20 million or 4% of global turnover.
- Regular audits and investigations.