GDPR / General Data Protection Regulation

What is GDPR?

The GDPR or General Data Protection Regulation is an EU regulation on data protection and data privacy that applies to all data processing done by organizations and institutions operating in the EU, and outside of the EU if they are processing personal information of the citizens or residents of the European Union or European Economic Area (EEA).

GDPR was adopted by the Council of the European Union on 8 April 2016, following by adoption by the European Parliament a few days later.

The GDPR became fully enforceable and directly applicable to all EU member states on 25 May 2018. 

While the GDPR was intended to unify the EU’s legislation on the subject of data protection, the main goal was to protect the individuals’ personal data and give them back control over how their data is processed.

GDPR has an extraterritorial effect, meaning it is applied to any organization or company that process personal data of EU citizens and residents, no matter of the location of the entity or citizenship and residence of the individual.


GDPR replaced the Data Protection Directive 95/46/ec which was a governing law that regulated the data protection up until that point.

The objective of the GDPR is to unify the EU legislation governing data protection, reduce administrative inconsistencies among local laws, and simplify the regulatory environment for international organizations doing business in the EU.

Who does the GDPR apply to?

Under the former Data Protection Directive, a business was subject to the data protection law only if it was located in an EU country or used equipment in an EU country to process data.

However, GDPR protects the data of EU citizens and residents, even outside the EU zone. This characteristic is called extraterritoriality. This means that the GDPR applies to all organizations EU and non-EU, that process personal information of European citizens.

This means if your company has a website that offers services or delivery of goods to the EU citizens it is interpreted as offering your goods and services to the EU citizens. It also applies to any business that monitors the behavior of the EU citizens.

Read more about this subject:

Who does the GDPR apply to?

GDPR overview

The GDPR represents, to this day, the most comprehensive legislation regarding privacy and data protection granting the EU citizens and residents with rights to protect their personal information and requiring complete transparency from the data controllers.



All glossaries