What is the General Data Protection Regulation (GDPR)?

The General Data Protection Regulation clarifies and introduces certain new rules for data subjects and ensures, except in exceptional circumstances, an equal level of protection for all individuals from the European Union

Contemporary information and communication technology has enabled an imaginably fast flow of information and has radically changed the way in which personal data is processed.

These changes led to the adoption of the General Data Protection Regulation—better known as the GDPR—as a strong and coherent data protection framework at Union level. The objective of the General Data Protection Regulation is to protect personal data of natural persons and give citizens control over their personal data, as well as to create a high, uniform level of personal data protection.

The General Data Protection Regulation is binding and directly applicable in all member states of the European Union as of 25 May 2018, and is backed by strong enforcement and reliability, with a special focus on the importance of creating the trust that will allow the digital economy to develop across the EU internal market.

The General Data Protection Regulation clarifies and introduces certain new rules for data subjects and ensures, except in exceptional circumstances, an equal level of protection for all individuals from the European Union.

The General Data Protection Regulation determines the rights of individuals and, in line with this, also the obligations of entities which process personal data, such as data controllers or data processors. The General Data Protection Regulation is applicable to all business entities and individuals who carry out certain activities of collecting and/or processing personal data, for example; associations, hospitals, insurance companies, even natural persons who process personal data beyond the scope of a purely personal or household activity, if this activity is connected to a professional or commercial activity.