The General Data Protection Regulation (GDPR) is the latest version of Europe's cornerstone data protection law. It became applicable in May 2018 and has significantly overhauled Europe's data protection rules at a time when information systems and digital business underpin human life. As with the legislation which the GDPR replaced, many jurisdictions outside the European Union (EU) have followed the concepts which it introduced. So understanding the GDPR and how it is enforced is key for businesses around the world.
The Regulation introduces concepts such as the ‘right to be forgotten’, data portability, personal data breach notification and accountability (to call out only a few). Since the Regulation allows EU Member States to introduce their own provisions which complement those in the GDPR, for instance in relation to HR data processing, data protection law remains multi layered in Europe.
Our guide summarises key aspects of the GDPR and highlights the most important actions which organisations should take in seeking to comply with it. To celebrate the first birthday of the GDPR becoming applicable, we have updated the guide to include references to relevant guidance from supervisory authorities and recent notable cases.
Our GDPR tracker shows how and where GDPR has been supplemented locally, highlighting where Member States have taken the opportunities available in the law for national variation.
For more information, please get in touch with one of our data protection experts.