The new General Data Protection Regulation (GDPR): What does it mean for you?

On 25 May, the General Data Protection Regulation (GDPR) came into force. The Regulation updates and modernises the principles enshrined in the 1995 Data Protection Directive to guarantee privacy rights.

The regulation is an essential step to strengthen citizens' fundamental rights in the digital age and facilitate business by simplifying rules for companies in the digital single market. A single law will also do away with the current fragmentation and costly administrative burdens.

In short, the Regulation focuses on:

• reinforcing individuals' rights;
• strengthening the EU internal market;
• ensuring stronger enforcement of the rules;
• streamlining international transfers of personal data and;
• Setting global data protection standards.

In summary, the GDPR applies to any business that processes personal data by automated or manual processing (provided the data is organised according to criteria).

The GDPR widens the territorial scope of data protection rules, as it applies to:

• organisations - data controllers and their processors – with an establishment in an EU Member State, for processing in the context of activities of that establishment;
• organisations not established in the EU but which offer goods/services at the EU market, or monitor the behaviour of EU residents;
• data controllers and processors not established in the EU, but operating in contexts in which EU MS law applies, as stipulated by public international law.

For further information on GDPR, please make use of this online tool that helps citizens, businesses and other organisations to comply and benefit from the new data protection rules.

For links, factsheets and further advice, check the links below.