Last Updated: May 2023
Since becoming applicable 25 May 2018, the EU General Data Protection Regulation propelled data protection and privacy to unprecedented and profound prominence, both within the EU and internationally.
Five years later, privacy professionals are experiencing a new era for the GDPR, with more consequential enforcement, court rulings and privacy-related legislative initiatives. The legislation is also applicable to new technologies and disciplines, such as artificial intelligence governance efforts envisaged by the draft EU AI Act. Beyond the EU, dozens of countries have taken inspiration from the GDPR in enacting their own privacy laws. Indeed, many are now considering ways to reform the GDPR.
The application of the GDPR shows no sign of slowing down or diminishing its influence and impact on policymakers, companies, regulators, consumers and societies. The statistics in this infographic point to the GDPR’s tangible impact.
Additional GDPR resources
- EU GDPR Topic Page
This page is regularly updated with relevant resources to help organizations and individuals determine how the GDPR affects them. - Ireland DPC’s data transfers decision
Meta Platforms Ireland was fined a record 1.2 billion euros under the EU GDPR by the Irish DPC for alleged unlawful data transfers from the EU to the U.S. The IAPP published details of the decision and analysis of the its potential impacts. - Global adequacy capabilities
This infographic shows the jurisdictions that vest powers in a regulator or authority to designate jurisdictions as having “adequate” data standards. - Global data transfer contracts
This infographic shows the jurisdictions that have taken steps to standardize draft contractual clauses for transferring personal data internationally. - UK data protection reform: An overview
The U.K. government introduced the Data Protection and Digital Information (No. 2) Bill. This article sets summarizes the changes in comparison to the GDPR.
Previous GDPR anniversary resources
- What happens on May 26th, 2018?
This infographic highlights what regulators expected to occur when the GDPR was enacted in May 2018. - GDPR at One Infographic
This infographic provides context about the GDPR's first year in numbers. - GDPR at One White Paper
This white paper explores the number and nature of complaints, investigations and data protection officer notifications over the first year of the GDPR, and the technical challenges and guidance needed moving forward. - GDPR at Two
For the GDPR's second anniversary, the IAPP asked leading voices in the data protection and privacy community to reflect about the past, present and future of the GDPR. - GDPR at Three
This infographic provides context on the status of the GDPR at the three-year mark since the regulation became applicable.