Since becoming applicable 25 May 2018, the EU General Data Protection Regulation propelled data protection and privacy to unprecedented and profound prominence, both within the EU and internationally.
Five years later, privacy professionals are experiencing a new era for the GDPR, with more consequential enforcement, court rulings and privacy-related legislative initiatives. The legislation is also applicable to new technologies and disciplines, such as artificial intelligence governance efforts envisaged by the draft EU AI Act. Beyond the EU, dozens of countries have taken inspiration from the GDPR in enacting their own privacy laws. Indeed, many are now considering ways to reform the GDPR.
The application of the GDPR shows no sign of slowing down or diminishing its influence and impact on policymakers, companies, regulators, consumers and societies. The statistics in this infographic point to the GDPR’s tangible impact.
expand_more
Additional GDPR resources
GDPR Topic Page This page is regularly updated with relevant resources to help organizations and individuals determine how the GDPR affects them. View here
Global adequacy capabilities This infographic shows the jurisdictions that vest powers in a regulator or authority to designate jurisdictions as having “adequate” data standards. View here
Global data transfer contracts This infographic shows the jurisdictions that have taken steps to standardize draft contractual clauses for transferring personal data internationally. View here
GDPR at One White Paper This white paper explores the number and nature of complaints, investigations and data protection officer notifications over the first year of the GDPR, and the technical challenges and guidance needed moving forward. View here
GDPR at Two For the GDPR's second anniversary, the IAPP asked leading voices in the data protection and privacy community to reflect about the past, present and future of the GDPR. View here
GDPR at Three This infographic provides context on the status of the GDPR at the three-year mark since the regulation became applicable. View here
On May 22, Ireland's Data Protection Commission published its anxiously anticipated decision in the Meta data transfers case, which includes a record-breaking 1.2 billion euro fine, a stop-transfer order with a carefully delineated timeline and an order to cease unlawful processing of EU data in the...