Europe

Image

Below, you can find the IAPP’s collection of coverage, analysis and resources related to the privacy industry in the European region.

The IAPP Resource Center includes additional European focused topic pages:

Subscribe to the Europe Data Protection Digest e-newsletter!
Keep up to date with the most important privacy and data protection news from the European region by subscribing to the Europe Data Protection Digest e-newsletter.

Featured Resources

European Institutions Privacy Stakeholder Map

To better understand the entities involved in EU privacy rulemaking, this chart provides an overview of the institutions, the nature of their role, the specific areas of responsibilities, and current leadership.
Read More

How do EU laws get approved?

This chart describes the main steps of the codecision procedure, the most common decision-making procedure among EU Institutions.
Read More

European Strategy for Data

This is a multipart series intended to provide privacy professionals with an overview of new EU legislation adopted since May 2022 under the European Union’s Strategy for Data.
Read More


Latest News & Resources

EU-US Data Privacy Framework – Guidance and Resources

On October 7, 2022, the White House released an executive order implementing the long-awaited EU-U.S. Data Privacy Framework. The European Commission concurrently announced that it will launch its adequacy determination procedure for EU personal data transferred to the United States under the arrangement. This page will stay updated with the latest guidance documents and resources covering what these new rules say, how they work and what comes next as the adequacy review process proceeds. Read More

GDPR Genius

This interactive tool provides IAPP members ready access to critical GDPR resources — enforcement precedent, interpretive guidance, expert analysis and more — all in one location. Read More

UK data protection reform: An overview
(IAPP, April 2023)
European Data Protection Supervisor’s Annual Report (2023)
(EDPS, April 2023)
Irish DPC publishes Article 30 guidance
(IAPP, April 2023)
Irish DPC publishes guides on children’s data protection rights
(IAPP, April 2023)
Going back to basics for the EDPB’s year of the DPO
(IAPP, March 2023)
NGO seeks more Ukrainian privacy awareness amid Russian invasion
(IAPP, March 2023)
EDPB launches coordinated enforcement on role of DPOs
(IAPP, March 2023)
CNIL’s Secretary General rolls out plans for 2023 at DPI France
(IAPP, March 2023)
ICO releases new UK GDPR certification scheme
(IAPP, March 2023)
UK introduces draft data protection reform
(IAPP, March 2023)
Top ten takeaways from the draft UK GDPR reform
(IAPP, March 2023)
Irish DPC Annual Report 2022
(Irish DPC, March 2023)
The process behind the EDPB’s coordinated enforcement framework
(IAPP, February 2023)
EU policymakers have adtech in sight for future regulation
(IAPP, February 2023)
FPF: Regulatory Strategies of European Data Protection Authorities
(Future of Privacy Forum, February 2023)
MEPs urge European Commission to reject EU-US adequacy
(IAPP, February 2023)
CJEU issues ruling on DPOs and conflict of interest
(IAPP, February 2023)
UK PM overhauls government departments, including focus on innovation and tech
(IAPP, February 2023)
Quo Vadis Europe? IAPP Country Leaders’ predictions for 2023
(IAPP, February 2023)
Privacy Around the Globe: United Kingdom
(IAPP, February 2023)
European Commission publishes guidelines for Digital Services Act user reporting
(IAPP, February 2023)
What the EU has in store for 2023
(IAPP, January 2023)
A practical guide to anonymization standards across the EU and UK
(IAPP, January 2023)
EDPB’s Meta decisions explained: Resolving the adtech dispute
(IAPP, January 2023)
10 takeaways from the Irish DPC decisions on Meta
(IAPP, January 2023)
Irish DPC, EDPB Meta decisions raise complex, fundamental questions
(IAPP, January 2023)
Irish DPC fines Meta 390M euros over legal basis for personalized ads
(IAPP, January 2023)
EU-US draft adequacy decision arrives, EU process begins in earnest
(IAPP, December 2022)
The EU AI Act: A discussion with MEP and co-rapporteur Dragoș Tudorache
(IAPP, December 2022)
A look at European Parliament’s AI Act negotiations
(IAPP, November 2022)
Europe seeks a way out of the data retention pickle
(IAPP, November 2022)
The EU’s temptation to break end-to-end encryption
(IAPP, November 2022)
The EU-US Data Privacy Framework and next steps for data transfers
(IAPP, October 2022)
IAPP country leaders weigh in: What’s next for data protection in Europe?
(IAPP, October 2022)
A view from Brussels: The latest on the DSA, DMA and Privacy Shield
(IAPP, October 2022)
European Commission Report: A European strategy for data
(European Commission, October 2022)
The value of a UK representative: A response to the DPDI Bill
(IAPP, September 2022)
Bloc of EU lawmakers throws support behind total facial recognition ban
(IAPP, September 2022)
CEPS publishes EU AI Act report
(IAPP, September 2022)
Is data localization coming to Europe?
(IAPP, August 2022)
Dentons: Europe Cookie Law Comparison tool
(Dentons, August 2022)
UK DPDI Bill: Comparative analysis with the EU GDPR and ePrivacy framework
(IAPP, July 2022)
EU Artificial Intelligence Act Proposal: What could it change?
(IAPP, July 2022)
Proposed EU AI Act blurs lines between AI developers and data processors under GDPR
(IAPP, July 2022)
UK unveils data reform bill, proposes AI regulation
(IAPP, July 2022)
Sanctions under EU GDPR and recent data regulations: A case of double jeopardy?
(IAPP, July 2022)
Irish DPC files draft order to halt Meta’s data transfers to US
(IAPP, July 2022)
Guide to EU Cookie Laws
(Privacy Policies, July 2022)
A view from Brussels: GDPR & DGA, DSA, DMA: When the rubber meets the road
(IAPP, June 2022)
A view from Brussels: EDPB adopts guidelines on fines, Council of the European Union approves DGA
(IAPP, May 2022)
JOIC releases 2021 data breach report
(IAPP, May 2022)
EU institutions publish final text for Digital Markets Act
(IAPP, May 2022)
EU plans to improve health data access
(IAPP, May 2022)
European Data Protection Board Annual Report (2021)
(EDPB, May 2022)
Consent as legal basis for EU and UK employment
(IAPP, May 2022)
CJEU ruling on GDPR litigation builds ‘jurisprudence on data protection’
(IAPP, May 2022)
The UK data policy and possible divergences with the European Union
(IAPP, April 2022)
European Parliament issues report on AI Act
(IAPP, April 2022)
EDPS, EDPB chair talk privacy policy in the EU, beyond
(IAPP, April 2022)
EU, US agree ‘in principle’ to new trans-Atlantic data agreement
(IAPP, May 2022)
EU Parliament, Council reach deal on Digital Markets Act
(IAPP, March 2022)
The data provisions in the EU’s upcoming Big Tech law
(IAPP, March 2022)
Data portability in the EU: An obscure data subject right
(IAPP, March 2022)
Commission proposal for a regulation on the European health data space
(IAPP, March 2022)
A conversation with Ukrainian Dmytro Korchynskyi
(IAPP, March 2022)
Key takeaways from CNIL’s draft recommendation on smart cameras
(IAPP, March 2022)
EDPS report: EU Institutions’ resilience to COVID-19
(EDPS, March 2022)
The EU’s anti-money laundering regulation and data protection: Part II
(IAPP, February 2022)
EU Data Governance Act: What privacy professionals need to know
(IAPP, February 2022)
CNIL is latest authority to rule Google Analytics violates GDPR
(IAPP, February 2022)
Inside the EU’s rocky path to regulate artificial intelligence
(IAPP, February 2022)
The 2022 lookout for EU policy: what you need to know
(IAPP, January 2022)
Austrian DPA’s Google Analytics decision could have ‘far-reaching implications’
(IAPP, January 2022)
EU Standard Contractual Clauses (Word documents)
(IAPP)
CNIL sets parameters for processors’ reuse of data for product improvement
(IAPP, January 2022)
CNIL’s ePrivacy fines reveal potential enforcement trend
(IAPP, January 2022)
The EU’s digital strategy and what it means for privacy
(IAPP, December 2021)
From the AI Act to the DSA: Catching up on the EU’s digital agenda
(IAPP, December 2021)
New EU data blockage as German court would ban many cookie management providers
(IAPP, December 2021)
The way the third-party cookie crumbles: Part 1 – EU and UK developments
(IAPP, December 2021)
The EU’s DMA and DSA: Why this should be of interest to privacy pros
(IAPP, December 2021)
Germany’s telecom privacy law takes effect
(IAPP, December 2021)
EDPB discusses data transfer guidance considerations, key points
(IAPP, November 2021)
LinkedIn Live: ‘New EDPB Guidelines: What is a data transfer under the GDPR?’
(IAPP, November 2021)
New EDPB guidelines define international transfers: Dancing in place
(IAPP, November 2021)
CNIL releases its own privacy maturity self-assessment model
(IAPP, November 2021)
The future of data protection in the EU’s digital market strategy
(IAPP, November 2021)
Dispatch from Brussels: Some clarification for EU data transfers on the horizon
(IAPP, November 2021)
ENISA Threat Landscape Report 2021
(European Union Agency for Cybersecurity, October 2021)
Facebook to hire 10K EU workers over next 5 years
(IAPP, October 2021)
Irish DPC proposes 36M euro GDPR fine against Facebook
(IAPP, October 2021)
CNIL Interactive Map – Data protection around the world
(CNIL, September 2021)
Irish DPC WhatsApp decision: What do you need to know?
(IAPP, September 2021)
The Brussels lowdown: Data policy this fall
(IAPP, September 2021)
UK launches wide-ranging data reform initiative
(IAPP, September 2021)
Facebook updates cookie controls in Europe
(IAPP, September 2021)
The state of Serbia’s Personal Data Protection Law after two years
(IAPP, August 2021)
FAQs for UK ICO’s data transfer consultation – including approach to EU SCCs
(IAPP, August 2021)
What can we learn from the Garante’s recent 2.5M euro fine?
(IAPP, August 2021)
EU warns UK could lose adequacy by drifting away from GDPR
(IAPP, August 2021)
EDPB outlines DPA resourcing, enforcement actions
(IAPP, August 2021)
European Health Data Space: Repairing the trans-Atlantic data relationship through biotech R & D
(IAPP, July 2021)
Insights into the Future of Data Protection Enforcement: Regulatory Strategies of European Data Protection Authorities for 2021-2022
(The Future of Privacy Forum, July 2021)
Commentary on Dutch DPA’s fine for not appointing an EU representative
(IAPP, July 2021)
The CJEU did not rescind the one-stop shop. Quite the opposite.
(IAPP, July 2021)
Web Conference: Talks for DPOs by Dutch DPOs
(IAPP, June 2021)
EDPB rapporteur details board’s supplementary measures
(IAPP, June 2021)
EU adequacy decision for South Korea
(IAPP, June 2021)
EDPB’s data transfer recommendations adopt a risk-based approach with teeth
(IAPP, June 2021)
Top-10 do’s and don’ts for service providers implementing the new SCCs with EU customers
(IAPP, June 2021)
EDPS Factsheet – Data protection audits explained
(EDPS, June 2021)
Digital wallet unveiled in EU
(IAPP, June 2021)
European Commission adopts UK adequacy decisions
(IAPP, June 2021)
EPDS Infographic — Personal Data Breaches in a Nutshell
(EDPS, May 2021)
CoE, Parliament reach provisional deal on COVID-19 certificates
(IAPP, May 2021)
What’s behind the EU’s new Cloud Code of Conduct?
(IAPP, May 2021)
New urgency about data localization with Portuguese decision
(IAPP, April 2021)
How to know you are a ‘data intermediary’ under the Data Governance Act
(IAPP, April 2021)
EU grappling with potential one-stop-shop reform
(IAPP, April 2021)
Why the EU’s AI regulation is a groundbreaking proposal
(IAPP, April 2021)
A look at what’s in the EU’s newly proposed regulation on AI
(IAPP, April 2021)
EDPB adopts data transfer statement, publishes GDPR guidance
(IAPP, April 2021)
Facebook breach draws EU ‘mass action’ lawsuit
(IAPP, April 2021)
EDPB publishes opinions on UK draft adequacy decision
(IAPP, April 2021)
Web Conference: Monitoring Employees’ Health & Activities Outside Work in Germany, Poland and UK
(IAPP, February 2021)
Why the EDPB should avoid torpedoing BCRs for processors
(IAPP, April 2021)
NIS representation in the EU and UK — Was the March 31 deadline a turning point?
(IAPP, April 2021)
Why this French court decision has far-reaching consequences for many businesses
(IAPP, March 2021)
Federal Constitutional Court: CJEU must clarify whether GDPR provides materiality threshold
(IAPP, February 2021)
GDPR representatives in EU and UK after Brexit
(IAPP, February 2021)
European Commission releases draft UK adequacy decisions
(IAPP, February 2021)
Data transfers: Questions and answers abound, yet solutions elude
(IAPP, February 2021)
Croatian DPA shutters website: Protection of personal data or violation of freedom of speech?
(IAPP, February 2021)
EU Council ambassadors agree to negotiating position on ePrivacy Regulation
(IAPP, February 2021)
Government leaders discuss state of play for UK adequacy, data transfers
(IAPP, January 2021)
Comparing EU regulatory norms with incident reporting obligations
(IAPP, January 2021)
How does GDPR apply to clinical trial sponsors outside EEA? Views of EEA DPAs
(IAPP, January 2021)
Hard data localization may be coming to the EU — Here are 5 concerns
(IAPP, January 2021)
CJEU’s advocate general: One-stop shop means one-stop shop
(IAPP, January 2021)
CJEU opinion clarifies cross-border enforcement scenarios
(IAPP, January 2021)
UK, EU reach interim data flow agreement
(IAPP, January 2021)
Proposal for an EU Data Governance Act — a first analysis
(IAPP, December 2020)
How US, EU approach regulating ‘dark patterns’
(IAPP, December 2020)
ENISA Report — Guidelines for securing the IoT
(European Union Agency for Cybersecurity, November 2020)
European Commission: Recommendations for a safe and ethical transition towards driverless mobility
(European Commission, September 2020)
Frequently Asked Questions & Resources on ‘Schrems II’
(IAPP, August 2020)
DPA and government guidance on ‘Schrems II’
(IAPP, July 2020)
White Paper – DPAs on the Ground
(IAPP, May 2020)
The GDPR at Two: Expert Perspectives
(IAPP, May 2020)
White Paper – GDPR at One Year: What We Heard from Leading European Regulators
(IAPP, August 2019)
View More Resources

Regional Resources

Click below to navigate to resources by region.

Albania, AustriaBelarus, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Georgia, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, MaltaNetherlands, North Macedonia, Norway, Poland, Portugal, RomaniaSerbia, Slovakia, Slovenia, Spain, Sweden, SwitzerlandUkraine, United Kingdom, Vatican City


Albania


Austria


Belarus

View More Resources

Belgium

View More Resources

Bulgaria


Croatia


Cyprus


Czech Republic

View More Resources

Denmark

View More Resources

Estonia


Finland


France

View More Resources

Georgia


Germany

View More Resources

Greece


Hungary


Iceland


Ireland

View More Resources

Italy

View More Resources

Latvia


Lithuania


Luxembourg


Malta


Netherlands

View More Resources

North Macedonia


Norway

View More Resources

Poland


Portugal


Romania


Serbia


Slovakia


Slovenia


Spain

View More Resources

Sweden


Switzerland


Ukraine

View More Resources

United Kingdom

United Kingdom Topic Page in IAPP Resource Center
On this topic page, you can find the IAPP’s collection of coverage, analysis and resources related to privacy in the United Kingdom.
Click To View


Vatican City