GDPR / General Data Protection Regulation

What is the GDPR?

The GDPR is an EU regulation on data protection and data privacy that is applicable to all data processing done by organizations and institutions operating in the EU, and outside of the EU if they are processing personal information of the citizens or residents of the European Union or European Economic Area (EEA).

The GDPR stands for General Data Protection Regulation, it was adopted by the Council of the European Union on 8 April 2016, following by adoption by the European Parliament a few days later.

The GDPR became fully enforceable and directly applicable to all EU member states on 25 May 2018. It replaced the Data Protection Directive 95/46/ec which was a governing law that regulated the data protection up until that point.

While the GDPR was intended to unify the EU’s legislation on the subject of data protection, the main goal was to protect the individuals’ personal data and give them back control over how their data is processed.

GDPR has an extraterritorial effect, meaning it is applied to any organization or company that process personal data of EU citizens and residents, no matter of the location of the entity or citizenship and residence of the individual.

GDPR overview

The GDPR represents, to this day, the most comprehensive legislation regarding privacy and data protection granting the EU citizens and residents with rights to protect their personal information and requiring complete transparency from the data controllers.