Since becoming applicable 25 May 2018, the EU General Data Protection Regulation propelled data protection and privacy to unprecedented and profound prominence, both within the EU and internationally.
Five years later, privacy professionals are experiencing a new era for the GDPR, with more consequential enforcement, court rulings and privacy-related legislative initiatives. The legislation is also applicable to new technologies and disciplines, such as artificial intelligence governance efforts envisaged by the draft EU AI Act. Beyond the EU, dozens of countries have taken inspiration from the GDPR in enacting their own privacy laws. Indeed, many are now considering ways to reform the GDPR.
The application of the GDPR shows no sign of slowing down or diminishing its influence and impact on policymakers, companies, regulators, consumers and societies. The statistics in this infographic point to the GDPR’s tangible impact.
Additional GDPR resources
EU GDPR Topic Page This page is regularly updated with relevant resources to help organizations and individuals determine how the GDPR affects them.
Ireland DPC’s data transfers decision Meta Platforms Ireland was fined a record 1.2 billion euros under the EU GDPR by the Irish DPC for alleged unlawful data transfers from the EU to the U.S. The IAPP published details of the decision and analysis of the its potential impacts.
Global adequacy capabilities This infographic shows the jurisdictions that vest powers in a regulator or authority to designate jurisdictions as having “adequate” data standards.
Global data transfer contracts This infographic shows the jurisdictions that have taken steps to standardize draft contractual clauses for transferring personal data internationally.
UK data protection reform: An overview The U.K. government introduced the Data Protection and Digital Information (No. 2) Bill. This article sets summarizes the changes in comparison to the GDPR.
GDPR at One White Paper This white paper explores the number and nature of complaints, investigations and data protection officer notifications over the first year of the GDPR, and the technical challenges and guidance needed moving forward.
GDPR at Two For the GDPR's second anniversary, the IAPP asked leading voices in the data protection and privacy community to reflect about the past, present and future of the GDPR.
GDPR at Three This infographic provides context on the status of the GDPR at the three-year mark since the regulation became applicable.
On May 22, Ireland's Data Protection Commission published its anxiously anticipated decision in the Meta data transfers case, which includes a record-breaking 1.2 billion euro fine, a stop-transfer order with a carefully delineated timeline and an order to cease unlawful processing of EU data in the...
Published: July 2020Click To View (PDF)
This 20th anniversary publication, “Visions of Privacy,” is a future-looking anthology of contributions from privacy thought-leaders from around the world. We asked these leading voices to take a moment for reflection on the last 20 years of privacy — to pa...
There are specific recitals that relate to the derogations in Article 49, as well as detailed guidance from the EDPB. Before attempting to rely on the derogations, organizations need to be aware of these additional considerations. This table summarizes this material so readers can see at a glance th...
Increasingly, privacy and data protection laws around the world require organizations to designate a data protection officer to translate legal protections into practical reality. This chart catalogues those requirements but does not include the many additional instances in which a DPO is recommende...