Introduction to Resource Center
This page provides an overview of the IAPP's Resource Center offerings.

Contact Resource Center
For any Resource Center related inquiries, please reach out to resourcecenter@iapp.org.

 

EU General Data Protection Regulation

Resource Center / Topic Pages / EU General Data Protection Regulation

Image

EU General Data Protection Regulation

TOPIC PAGE

In December 2016, the EU Parliament and Council agreed upon the EU General Data Protection Regulation, first proposed in 2012, and as of May 25, 2018, it is in effect.

The GDPR offers a framework for data protection with increased obligations for organizations, and its reach is far and wide. It is applicable to any organization — no matter where it resides — that intentionally offers goods or services to the European Union, or that monitors the behavior of individuals within the EU.

Here, you can find the IAPP’s collection of coverage, analysis and resources related to the GDPR.

Europe Data Protection Digest newsletter
Be in-the-know on EU privacy news by subscribing to the Europe Data Protection Digest newsletter.
Subscribe here

Featured Resources

Back to top

TOOL

GDPR Genius

This interactive tool provides IAPP members ready access to critical GDPR resources — enforcement precedent, interpretive guidance, expert analysis and more — all in one location.
Read More

INFOGRAPHIC

GDPR at Five

These statistics point to the GDPR’s tangible impact in the five years since becoming applicable.
Read More

ARTICLE

The AI Act’s debiasing exception to the GDPR

In this article, Marvin van Bekkum and Frederik Zuiderveen Borgesius outline details of the EU AI Act’s debiasing exception to the GDPR.
Read More

RESOURCE ARTICLE

Going back to basics for the EDPB’s year of the DPO

The EDPB’s coordinated enforcement action focused on the role of the DPO. This article examines the legal requirements for DPOs and breaks down the role’s designation, position and tasks as set out in the GDPR.
Read More

INFOGRAPHIC

Requirements of the GDPR-mandated DPO

This infographic outlines the requirements of the GDPR-mandated DPO. The European Data Protection Board chose the role of data protection officer for coordinated enforcement action in 2023.
Read More

BOOK

Hands-On Guide to GDPR Compliance

This operational book for GDPR takes best practices for GDPR compliance straight from the field, but also diving into big-picture privacy questions.
Read More

Back to Top

Back to top

Additional News and Resources

Top 10 operational responses to the GDPR

ARTICLE SERIES

The Top 10 Operational Impacts of the EU’s General Data Protection Regulation

REPORT

Practical considerations from EU enforcement: One-stop shop

ORIGINAL CONTENT

Practical considerations from EU enforcement: legal bases and transparency

ORIGINAL CONTENT

Refresher: The GDPR’s Six Legal Bases for Data Processing

CHART

Top 10 operational impacts of India’s DPDPA – Comparative analysis with the EU General Data Protection Regulation and other major data privacy laws

RESOURCE ARTICLE

EDPB issues draft guidelines on legitimate interest, opinion on processors

ARTICLE

Data subjects as controllers: Violation of GDPR’s fairness principle

ARTICLE

Reducing risks and valuing compliance with the European Data Protection Seal under the GDPR

ARTICLE

EDPB opinion on legality of pay-or-consent models in EU GDPR context

ARTICLE

ANPD publishes legitimate interest guidance

ARTICLE

EDPB creates website auditing tool for GDPR compliance

ARTICLE

Data analytics on online services under GDPR: Legal basis for processing

ARTICLE

Law firm releases annual GDPR and data breach survey results

ARTICLE

Meta’s new digs: A deep dive into practical considerations of consent

ARTICLE

Five years in: Impressions on GDPR’s maturity

ARTICLE

Key points of the DPC’s GDPR decision on TikTok and children’s data

ARTICLE

Can Generative AI Survive the GDPR? (AI Governance Global, an IAPP event 2023)

VIDEO

GDPR fine calculation: A look at the EDPB’s new guidelines and the UK’s approach

ARTICLE

Ireland DPC’s data transfers decision: Pragmatic punch or knockout blow?

ARTICLE

Reforming the GDPR in a Global Context (IAPP Global Privacy Summit 2023)

VIDEO

Keynote Panel Discussion on GDPR (IAPP Global Privacy Summit 2023)

VIDEO

FPF: Regulatory Strategies of European Data Protection Authorities

WHITE PAPER

Meta’s EU data transfer case faces Article 65 dispute resolution mechanism

ARTICLE

Breaking down enforcement of Meta’s legal basis for personalized ads

ARTICLE

Using sensitive data to prevent AI discrimination: Does the EU GDPR need a new exception?

ARTICLE

Are EU AI Act sandboxes viable without GDPR waivers for experimentation?

ARTICLE

UK DPDI Bill: Comparative analysis with the EU GDPR and ePrivacy framework

CHART

Proposed EU AI Act blurs lines between AI developers and data processors under GDPR

ARTICLE

Sanctions under EU GDPR and recent data regulations: A case of double jeopardy?

ARTICLE

Record of processing activities — Are you ready for maturity?

ARTICLE

A look behind the EDPB’s move to enhance enforcement cooperation

ARTICLE

Consent as legal basis for EU and UK employment

ARTICLE

CJEU ruling on GDPR litigation builds ‘jurisprudence on data protection’

ARTICLE

ICO GDPR Guidance: Special Category Data

GUIDANCE

GDPR’s One-Stop-Shop Cross-Border Complaint Statistics (2018-2021)

REPORT

Dodging the one-stop shop

ARTICLE

CNIL – GDPR Guide for Developers

GUIDANCE

Would anyone in their right mind reopen the GDPR? The IAF’s answer is yes.

ARTICLE

#MeToo vs. GDPR: Investigating Sexual Misconduct by EU Employees

WEB CONFERENCE

3 years in, GDPR highlights privacy in global landscape

ARTICLE

GDPR for Marketing: 2021 Guide

GUIDANCE

Federal Constitutional Court: CJEU must clarify whether GDPR provides materiality threshold

ARTICLE

DLA Piper GDPR Data Breach Survey 2021

REPORT

Encrypt your data to make GDPR and Russian Data Localization Law compatible

ARTICLE

Privacy pros say GDPR dispute-resolution trigger ‘no surprise’

ARTICLE

Irish DPC: GDPR regulatory activities report

REPORT

Bird & Bird Guide to the General Data Protection Regulation

REPORT

GDPR’s second anniversary: A cause for celebration — and concern

ARTICLE

DPAs on the Ground

WHITE PAPER

Why Blockchain is not inherently at odds with GDPR

REPORT

What you must know about ‘third parties’ under GDPR and CCPA

ARTICLE

Platform helps organizations take deep dives into GDPR, CCPA

ARTICLE

How to ‘background check’ under the GDPR

ARTICLE

GDPR and CCPA: A compatibility story

ARTICLE

Guide​ ​for​ ​multi-controller​ ​situations​ ​under​ ​the​ ​GDPR

GUIDANCE

How pharmacists can comply with GDPR

REPORT

The tension between GDPR and the rise of blockchain technologies

REPORT

Publicly available data under the GDPR: Main considerations

ARTICLE

GDPR one year later: Looking backward and forward

ARTICLE

Want Europe to have the best AI? Reform the GDPR

ARTICLE

Global recall: How the GDPR impacts product recalls

ARTICLE

Privacy professionals begin to look back at year one of the GDPR

ARTICLE

Recap: EDPB’s first-year review of GDPR

ARTICLE

Op-ed: Encrypted data may still be personal under GDPR

ARTICLE

GDPR Enforcement Priorities

INFOGRAPHIC

Guidance on the use of Legitimate Interests under the EU General Data Protection Regulation

REPORT

GDPR Awareness Guide

INFOGRAPHIC

The General Data Protection Regulation Matchup Series

ARTICLE SERIES

Back to top