General Data Protection Regulation (GDPR):

A comprehensive EU data protection law, effective from the 25th May 2018. Replacing the 1995 Data Protection Directive it brings in new rights for individuals and new responsibilities for organizations processing personal data.

It also provides data protection authorities with stronger powers, including large fines and the ability to stop organizations from processing personal data. The law applies to all processing of personal data within the EU, and can apply to organizations processing personal data outside of the EU, if that data is about EU data subjects.

Return to glossary