General Data Protection Regulation (GDPR)

GDPR Overview

The General Data Protection Regulation (GDPR) harmonizes data protection laws in the EU that are fit for purpose in the digital age. By introducing a single law, the EU believes that it will bring better transparency to help support the rights of individuals and grow the digital economy.

The GDPR imposes new rules on companies, government agencies, non-profits, and other organizations that offer goods and services to people in the EU, or that collect and analyze data tied to EU residents. Even organizations outside Europe need to be compliant, or otherwise face significant penalties.

The primary objective of the GDPR is to give citizens back control of their personal data. From an economic standpoint, the GDPR aims to simplify the regulatory environment for international business by unifying the regulation within the EU.

Because the GDPR is a regulation and not a directive, it means that it is directly applicable in all EU member states from May 2018. A directive only directs member states to implement ruling, but does not enforce.