EU General Data Protection Regulation

Resource Center / Topic Pages / EU General Data Protection Regulation

Image

EU General Data Protection Regulation

TOPIC PAGE

In December 2016, the EU Parliament and Council agreed upon the EU General Data Protection Regulation, first proposed in 2012, and as of May 25, 2018, it is in effect.

The GDPR offers a framework for data protection with increased obligations for organizations, and its reach is far and wide. It is applicable to any organization — no matter where it resides — that intentionally offers goods or services to the European Union, or that monitors the behavior of individuals within the EU.

Here, you can find the IAPP’s collection of coverage, analysis and resources related to the GDPR.

Back to Top


Additional News and Resources

Top 10 operational responses to the GDPR


The Top 10 Operational Impacts of the EU’s General Data Protection Regulation


Practical considerations from EU enforcement: One-stop shop


Practical considerations from EU enforcement: legal bases and transparency


Refresher: The GDPR’s Six Legal Bases for Data Processing


Top 10 operational impacts of India’s DPDPA – Comparative analysis with the EU General Data Protection Regulation and other major data privacy laws


IAPP DPC 2024: Reynders discusses GDPR enforcement harmonization, adequacy developments


EDPB issues draft guidelines on legitimate interest, opinion on processors


Data subjects as controllers: Violation of GDPR’s fairness principle


Reducing risks and valuing compliance with the European Data Protection Seal under the GDPR


EDPB opinion on legality of pay-or-consent models in EU GDPR context


ANPD publishes legitimate interest guidance


EDPB creates website auditing tool for GDPR compliance


Data analytics on online services under GDPR: Legal basis for processing


Law firm releases annual GDPR and data breach survey results


Meta’s new digs: A deep dive into practical considerations of consent


Five years in: Impressions on GDPR’s maturity


Key points of the DPC’s GDPR decision on TikTok and children’s data


Can Generative AI Survive the GDPR? (AI Governance Global, an IAPP event 2023)


GDPR fine calculation: A look at the EDPB’s new guidelines and the UK’s approach


Ireland DPC’s data transfers decision: Pragmatic punch or knockout blow?


Reforming the GDPR in a Global Context (IAPP Global Privacy Summit 2023)


Keynote Panel Discussion on GDPR (IAPP Global Privacy Summit 2023)


FPF: Regulatory Strategies of European Data Protection Authorities


Meta’s EU data transfer case faces Article 65 dispute resolution mechanism


Breaking down enforcement of Meta’s legal basis for personalized ads


Using sensitive data to prevent AI discrimination: Does the EU GDPR need a new exception?


Are EU AI Act sandboxes viable without GDPR waivers for experimentation?


UK DPDI Bill: Comparative analysis with the EU GDPR and ePrivacy framework


Proposed EU AI Act blurs lines between AI developers and data processors under GDPR


Sanctions under EU GDPR and recent data regulations: A case of double jeopardy?


Record of processing activities — Are you ready for maturity?


A look behind the EDPB’s move to enhance enforcement cooperation


Consent as legal basis for EU and UK employment


CJEU ruling on GDPR litigation builds ‘jurisprudence on data protection’


ICO GDPR Guidance: Special Category Data


GDPR’s One-Stop-Shop Cross-Border Complaint Statistics (2018-2021)


Dodging the one-stop shop


CNIL – GDPR Guide for Developers


Would anyone in their right mind reopen the GDPR? The IAF’s answer is yes.


#MeToo vs. GDPR: Investigating Sexual Misconduct by EU Employees


3 years in, GDPR highlights privacy in global landscape


GDPR for Marketing: 2021 Guide


Federal Constitutional Court: CJEU must clarify whether GDPR provides materiality threshold


DLA Piper GDPR Data Breach Survey 2021


Encrypt your data to make GDPR and Russian Data Localization Law compatible


Privacy pros say GDPR dispute-resolution trigger ‘no surprise’


Irish DPC: GDPR regulatory activities report


Bird & Bird Guide to the General Data Protection Regulation


GDPR’s second anniversary: A cause for celebration — and concern


DPAs on the Ground


Why Blockchain is not inherently at odds with GDPR


What you must know about ‘third parties’ under GDPR and CCPA


Platform helps organizations take deep dives into GDPR, CCPA


How to ‘background check’ under the GDPR


GDPR and CCPA: A compatibility story


Guide​ ​for​ ​multi-controller​ ​situations​ ​under​ ​the​ ​GDPR


How pharmacists can comply with GDPR


The tension between GDPR and the rise of blockchain technologies


Publicly available data under the GDPR: Main considerations


GDPR one year later: Looking backward and forward


Want Europe to have the best AI? Reform the GDPR


Global recall: How the GDPR impacts product recalls


Privacy professionals begin to look back at year one of the GDPR


Recap: EDPB’s first-year review of GDPR


Op-ed: Encrypted data may still be personal under GDPR


GDPR Enforcement Priorities


Guidance on the use of Legitimate Interests under the EU General Data Protection Regulation


GDPR Awareness Guide


The General Data Protection Regulation Matchup Series