General data protection regulation (GDPR)

 

SUMMARY OF:

Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and the free movement of such data

WHAT IS THE AIM OF THE REGULATION?

KEY POINTS

Individuals’ rights

The GDPR strengthens existing rights, provides for new rights and gives individuals more control over their personal data. It includes the following.

Rules for businesses

The GDPR creates a level playing field for all companies operating in the EU internal market, adopts a technology-neutral approach and stimulates innovation through a number of steps, which include the following.

Review

The Commission submitted a report on the evaluation and review of the regulation in June 2020. The next evaluation is due in 2024.

FROM WHEN DOES THE REGULATION APPLY?

The GDPR has applied since 25 May 2018.

BACKGROUND

For further information, see:

Following the COVID-19 outbreak and the introduction of measures to cope with the impact of the crisis, the Commission adopted:

MAIN DOCUMENT

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ L 119, 4.5.2016, pp. 1–88).

Successive amendments to Regulation (EU) 2016/679 have been incorporated in the original text. This consolidated version is of documentary value only.

RELATED DOCUMENTS

Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data, and repealing Council Framework Decision 2008/977/JHA (OJ L 119, 4.5.2016, pp. 89–131).

See consolidated version.

Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (OJ L 295, 21.11.2018, pp. 39–98).

Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications) (OJ L 201, 31.7.2002, pp. 37–47).

See consolidated version.

last update 07.01.2022