EU GDPR – Global Relay Intelligence & Practice

EU GDPR

Rule Collection

The General Data Protection Regulation or GDPR imposes data privacy and security obligations on organizations that handle the personal data of or provide goods or services to EU citizens or residents.

Rule Overview

Jurisdiction: European Union

Regulator: EDPB

Topic: Data Protection

Overview

Rules in This Collection

Notable

Latest News

Further Reading

GDPR has an extraterritorial effect. In other words it also applies to organizations that are based outside of the EU.

Five key GDPR definitions

Personal data – any information that relates to an individual who can be directly or indirectly identified.
Data processing – any action that is performed on data including collecting, recording, organizing, structuring and storing.
Data subject – the person whose data is processed.
Data controller – the person who decided why and how personal data will be processed.
Data processor – a third party that processes personal data on behalf of a data controller.

Article 3

Territorial scope

Article 5

Principles

Article 6

Lawfulness of processing

Article 7

Conditions for consent

Article 8

Conditions for child's consent

Article 9

Special categories

Article 12

Measures for the exercise of the rights of the data subject

Article 13

Information to be provided where personal data is collected

Article 14

Information to be provided where personal data has not been collected

Article 22

Automated individual decision-making, including profiling

Article 25

Data protection by design and default

Article 28

Processor

Article 30

Records of processing activities

Article 32

Security of processing

Article 45

Data transfers on the basis of an adequacy decision

Article 49

Derogations for specific situations

Article 83

General conditions for imposing administrative fines

Rules in This Collection

EU GDPR This Rule

Notable

New data bridge for UK-US data transfers to help firms

Privacy

New data bridge for UK-US data transfers to help firms

October 10, 2023

Transfer of UK personal data to US simplified, UK data transfer rules back in step with EU, ICO offers qualified backing.

Paula Barrett | Eversheds Sutherland, Michael Bahar | Eversheds Sutherland7 min read

Amazon France Logistique fined €32m for intrusive employee monitoring

Privacy

Amazon France Logistique fined €32m for intrusive employee monitoring

January 26, 2024

CNIL found that the company's monitoring and data collection were disproportionate and excessively intrusive.

Martina Lindberg2 min read

Santa Claus is coming to town, but is he GDPR compliant?

Data

Santa Claus is coming to town, but is he GDPR compliant?

December 22, 2023

"He’s making a list, he’s checking it twice, he’s gonna find out who’s naughty or nice" … but is Santa doing so in compliance with the GDPR?

Sherif Malak | Shoosmiths, Sarah Moss | Shoosmiths5 min read

Privacy

New data bridge for UK-US data transfers to help firms

Privacy

Amazon France Logistique fined €32m for intrusive employee monitoring

Data

Santa Claus is coming to town, but is he GDPR compliant?

Latest News More on EU GDPR

Privacy

OPINION: Will UK Online Safety Act be a toothless tiger in the battle against fraud?

June 13, 2025

As the digital landscape continues to evolve, social media platforms are empowering fraudsters to exploit the vulnerable and gullible.

Martin Kenney | MKS Law3 min read
$Vodafone fined for GDPR infractions in Germany$

Data

Vodafone fined for GDPR infractions in Germany

June 12, 2025

Failure to adequately monitor the work of third-party agencies and security deficiencies of online portal lead to a €45m ($51m) fine.

Thomas Hyrkiel1 min read
Privacy

European Commission proposes GDPR simplification for small mid-cap companies

June 11, 2025

Proposal to extend exemptions from GDPR record-keeping.

Clarisse Knaebel3 min read
Privacy

Navigating Africa's data privacy frontier

June 9, 2025

While the regulatory framework is currently fragmented, Africa holds a lot of unleashable potential.

Kuda Hove, Bridget Mafusire5 min read
GRIP Extra

GRIP Extra: CrowdStrike, Carahsoft investigated over IRS deal, SEC settles with Ripple

May 12, 2025

Other news includes the UK and US agreeing to a trade deal to reduce tariffs, NSO group being ordered to pay $167m in damages for WhatsApp hack, and Chinese regulators announcing a 10-step plan to calm markets.

GRIP2 min read
Privacy

IMY fines Swedish Equality Ombudsman over data security failures

May 7, 2025

The Swedish Government Agency failed to keep sensitive data contained in a web form fully secure.

Martina Lindberg1 min read
Data

CNIL reports increased data breaches and complaints in France 2024

May 5, 2025

Personal data breaches increased 20%, and large breaches affected one million individuals 50%.

Martina Lindberg2 min read
Privacy

€1.2 billion in fines levied in 2024 for GDPR breaches in the EU

April 30, 2025

EDPB 2024 annual report also highlights cooperation between regulators and sizeable fines against large tech for data protection breaches.

Thomas Hyrkiel2 min read

Further Reading

SME data protection guide

White & Case guide to national implementation