EU General Data Protection Regulation


EU General Data Protection Regulation Topic Page

In December 2016, the EU Parliament and Council agreed upon the EU General Data Protection Regulation, first proposed in 2012, and as of May 25, 2018, it is in effect.

The GDPR offers a framework for data protection with increased obligations for organizations, and its reach is far and wide. It is applicable to any organization — no matter where it resides — that intentionally offers goods or services to the European Union, or that monitors the behavior of individuals within the EU.

Here, you can find the IAPP’s collection of coverage, analysis and resources related to the GDPR.

Featured Resources


GDPR Genius

This interactive tool provides IAPP members ready access to critical GDPR resources — enforcement precedent, interpretive guidance, expert analysis and more — all in one location.
Read More


GDPR at Five

These statistics point to the GDPR’s tangible impact in the five years since becoming applicable.
Read More


Impressions on GDPR’s maturity

Policymakers at the IAPP DPC 2023 were reflective about how the GDOR has shaped data privacy discussion five years after it took effect. This article delves into the successes and challenges the law has presented for the privacy world.
Read More


Going back to basics for the EDPB’s year of the DPO

The EDPB’s coordinated enforcement action focused on the role of the DPO. This article examines the legal requirements for DPOs and breaks down the role’s designation, position and tasks as set out in the GDPR.
Read More


Requirements of the GDPR-mandated DPO

This infographic outlines the requirements of the GDPR-mandated DPO. The European Data Protection Board chose the role of data protection officer for coordinated enforcement action in 2023.
Read More


The GDPR’s Six Legal Bases for Data Processing

This chart provides a refresher on the six bases for lawful processing under Article 6 of the EU General Data Protection Regulation.
Read More

Europe Data Protection Digest newsletter

Be in-the-know on EU privacy news by subscribing to the Europe Data Protection Digest newsletter.

Additional News and Resources

Practical considerations from EU enforcement: One-stop shop

Practical considerations from EU enforcement: legal bases and transparency

Top 6 operational impacts of India’s DPDPA – Comparative analysis with the EU General Data Protection Regulation and other major data privacy laws

Key points of the DPC’s GDPR decision on TikTok and children’s data

Can Generative AI Survive the GDPR? (AI Governance Global, an IAPP event 2023)

GDPR fine calculation: A look at the EDPB’s new guidelines and the UK’s approach

Ireland DPC’s data transfers decision: Pragmatic punch or knockout blow?

Reforming the GDPR in a Global Context (IAPP Global Privacy Summit 2023)

Keynote Panel Discussion on GDPR (IAPP Global Privacy Summit 2023)

FPF: Regulatory Strategies of European Data Protection Authorities

Meta’s EU data transfer case faces Article 65 dispute resolution mechanism

Breaking down enforcement of Meta’s legal basis for personalized ads

Using sensitive data to prevent AI discrimination: Does the EU GDPR need a new exception?

Are EU AI Act sandboxes viable without GDPR waivers for experimentation?

UK DPDI Bill: Comparative analysis with the EU GDPR and ePrivacy framework

Proposed EU AI Act blurs lines between AI developers and data processors under GDPR

Sanctions under EU GDPR and recent data regulations: A case of double jeopardy?

Record of processing activities — Are you ready for maturity?

A look behind the EDPB’s move to enhance enforcement cooperation

Consent as legal basis for EU and UK employment

CJEU ruling on GDPR litigation builds ‘jurisprudence on data protection’

ICO GDPR Guidance: Special Category Data

GDPR’s One-Stop-Shop Cross-Border Complaint Statistics (2018-2021)

Dodging the one-stop shop

CNIL – GDPR Guide for Developers

Would anyone in their right mind reopen the GDPR? The IAF’s answer is yes.

#MeToo vs. GDPR: Investigating Sexual Misconduct by EU Employees

3 years in, GDPR highlights privacy in global landscape

GDPR for Marketing: 2021 Guide

Federal Constitutional Court: CJEU must clarify whether GDPR provides materiality threshold

DLA Piper GDPR Data Breach Survey 2021

Encrypt your data to make GDPR and Russian Data Localization Law compatible

Privacy pros say GDPR dispute-resolution trigger ‘no surprise’

Irish DPC: GDPR regulatory activities report

Bird & Bird Guide to the General Data Protection Regulation

GDPR’s second anniversary: A cause for celebration — and concern

DPAs on the Ground

Why Blockchain is not inherently at odds with GDPR

What you must know about ‘third parties’ under GDPR and CCPA

Platform helps organizations take deep dives into GDPR, CCPA

How to ‘background check’ under the GDPR

GDPR and CCPA: A compatibility story

Guide​ ​for​ ​multi-controller​ ​situations​ ​under​ ​the​ ​GDPR

How pharmacists can comply with GDPR

The tension between GDPR and the rise of blockchain technologies

Publicly available data under the GDPR: Main considerations

GDPR one year later: Looking backward and forward

Want Europe to have the best AI? Reform the GDPR

Global recall: How the GDPR impacts product recalls

Privacy professionals begin to look back at year one of the GDPR

Recap: EDPB’s first-year review of GDPR

Op-ed: Encrypted data may still be personal under GDPR

GDPR Enforcement Priorities

Guidance on the use of Legitimate Interests under the EU General Data Protection Regulation

GDPR Awareness Guide

The General Data Protection Regulation Matchup Series