GDPR Genius

This interactive tool provides IAPP members ready access to critical EU General Data Protection Regulation resources — enforcement precedent, interpretive guidance, expert analysis and more — all in one location. Users can click on any GDPR article to access the following content relevant to that particular GDPR provision:


Use the table of contents below to move between GDPR chapters or the navigation tool at the top of any page. At the bottom of the table of contents, you can view further information on the EU Member State GDPR Derogation Implementation Tracker and the contributors to this section of the "GDPR Genius."

If you are aware of court decisions, enforcement actions or EU or member state guidance that should be added to the "GDPR Genius," please reach out to IAPP Research Director Caitlin Fennessy, CIPP/US, at

Table of Contents

Chapter 1: General Provisions (Articles 1-4)

Chapter 2: Principles (Articles 5-11)

Chapter 3: Rights of the data subject (Articles 12-23)

Chapter 4: Controller and processor (Articles 24-43)

Chapter 5: Transfers of personal data to third countries or international organisations (Articles 44-50)

Chapter 6: Independent Supervisory Authorities (Articles 51-59)

Chapter 7: Cooperation and consistency (Articles 60-76)

Chapter 8: Remedies, liability and penalties (Articles 77-84)

Chapter 9: Provisions relating to specific processing situations (Articles 85-91)

Chapter 10: Delegated acts and implementing acts (Articles 92-93)

Chapter 11: Final provisions (Articles 94-99)

Info on the GDPR Derogation Implementation Tracker
The IAPP scoured the GDPR and found each article in which a derogation is either left to or required of the EU member states.

In some sections of the charts, you will see "Analysis in progress." This signifies that we have yet to receive information related to the particular country's handling of a derogation. This tool was developed with contributions from IAPP members with expertise in the laws of specific EU member states. If you are interested in helping us out with that, please be in touch.

Special thanks to the contributors to this section of the "GDPR Genius":
Alexander Koren of Austria; Kaloyan H. Petrov, CIPP/E, CIPM, FIP, of Bulgaria; Maja Šutalo, CIPP/E, of Croatia; Maria Raphael, CIPP/E, of Cyprus; Bohuslav Lichnovský, CIPP/E, of Czech Republic; Karsten Holt, CIPP/E, CIPM, CIPT, FIP, of Denmark; Tobias Bräutigam, CIPM, FIP, of Finland; Aurélie Banck, CIPP/E, CIPM, FIP, of France; Christopher Schmidt, CIPP/E, CIPM, CIPT, of Germany; László Pók of Hungary; Kate Colleary, CIPP/E, and Natasha O'Reilly of Ireland; Rocco Panetta, CIPP/E, and Marta Fraioli of Italy; Jūlija Terjuhana of Latvia; Natalija Bitiukova, CIPP/E, of Lithuania; Melanie Gagnon, CIPP/E, CIPM, and Sarra Soltani, CIPP/E, of Luxembourg; David Agius of Malta; Abraham Mouritz, CIPP/E, CIPM, FIP, of The Netherlands; Marcin Lewoszewski and Anna Kobylanska of Poland; Vladimir Trojak, CIPP/E, of Slovakia; Rosario Murga Ruiz, CIPP/E of Spain, Sebnem ErenerKaren Lawrence Öqvist of Sweden and Catia Reis of the United Kingdom.