After over four years of discussion, the EU’s General Data Protection Regulation (GDPR) was adopted on April 27, 2016 and became effective on May 25, 2018. The GDPR replaces the EU’s Data Protection Directive (95/46 EU) which has served as the main instrument of the EU for almost two decades. GDPR is directly applicable to all EU Member States without the need for implementing national legislation.
With over 200 pages long, GDPR is one of the most wide ranging pieces of data protection and privacy legislation passed by the EU in recent years, and the concepts introduced such as the right to be forgotten, data portability, data breach notification and accountability, among others, require strategic and timely implementation efforts across the enterprise.
This page provides a high level overview of the GDPR and its key requirements that companies will need to comply with and ensure their proper implementation to meet their compliance obligations. GDPR also applies to all international companies which collect and process EU consumer data in their European business operations.