In December 2016, the EU Parliament and Council agreed upon the EU General Data Protection Regulation, first proposed in 2012, and as of May 25, 2018, it is in effect.
The GDPR offers a framework for data protection with increased obligations for organizations, and its reach is far and wide. It is applicable to any organization — no matter where it resides — that intentionally offers goods or services to the European Union, or that monitors the behavior of individuals within the EU.
This topic page is regularly updated with relevant documents and expert analysis to help organizations determine how the GDPR affects them.
Subscribe to the IAPP Europe Data Protection Digest e-newsletter!
Be in-the-know on EU privacy news (think the GDPR, Privacy Shield, and the PNR Directive, to name a few) by subscribing to the Europe Data Protection Digest e-newsletter.