GDPR Overview

This information portal is provided to the public for free to help firms and organizations prepare for new data protection requirements under the General Data Protection Regulation. It is independent of and not affiliated with the European Parliament, the European Council, or member state supervisory authorities.

What is the GDPR?

The General Data Protection Regulation (GDPR) is an European Union regulation scheduled to go into effect on 25 May 2018.

Coming into fruition after more than four years of deliberation (see timeline), the GDPR aims to standardize and strengthen data protection policies for residents of EU member nations. It replaces the prior Data Protection Directive (95/46/EC) of 1995 and, as a regulation instead of a directive, will apply immediately on enforcement date without requiring individual transpositions by member state legislation.

Territorial Scope

Despite being a European Union regulation, the GDPR has far-reaching implications for any business that has a global presence. In short, it impacts any business, EU-based or not, that has EU users or customers. This represents a key change relative to the current Directive.

Start with Who Must Comply to learn more.