Skip to Primary Navigation

Skip to main content

EU GDPR

Rule Collection

The General Data Protection Regulation or GDPR imposes data privacy and security obligations on organizations that handle the personal data of or provide goods or services to EU citizens or residents.

Rule Overview

Jurisdiction: European Union

Regulator: EDPB

Topic: Data Protection

Overview
Rules in This Collection
Notable
Latest News
Further Reading

GDPR has an extraterritorial effect. In other words it also applies to organizations that are based outside of the EU.

Five key GDPR definitions

  • Personal data – any information that relates to an individual who can be directly or indirectly identified.
  • Data processing – any action that is performed on data including collecting, recording, organizing, structuring and storing.
  • Data subject – the person whose data is processed.
  • Data controller – the person who decided why and how personal data will be processed.
  • Data processor – a third party that processes personal data on behalf of a data controller.
Article 3
Territorial scope
Article 5
Principles
Article 6
Lawfulness of processing
Article 7
Conditions for consent
Article 8
Conditions for child's consent
Article 9
Special categories
Article 12
Measures for the exercise of the rights of the data subject
Article 13
Information to be provided where personal data is collected
Article 14
Information to be provided where personal data has not been collected
Article 22
Automated individual decision-making, including profiling
Article 25
Data protection by design and default
Article 28
Processor
Article 30
Records of processing activities
Article 32
Security of processing
Article 45
Data transfers on the basis of an adequacy decision
Article 49
Derogations for specific situations
Article 83
General conditions for imposing administrative fines
Rules in This Collection
EU GDPR This Rule
EU GDPR Art 6
Notable
New data bridge for UK-US data transfers to help firms

New data bridge for UK-US data transfers to help firms

Transfer of UK personal data to US simplified, UK data transfer rules back in step with EU, ICO offers qualified backing.

Paula Barrett | Eversheds Sutherland, Michael Bahar | Eversheds Sutherland7 min read

Amazon France Logistique fined €32m for intrusive employee monitoring

Amazon France Logistique fined €32m for intrusive employee monitoring

CNIL found that the company's monitoring and data collection were disproportionate and excessively intrusive.

Martina Lindberg2 min read

Santa Claus is coming to town, but is he GDPR compliant?

Santa Claus is coming to town, but is he GDPR compliant?

"He’s making a list, he’s checking it twice, he’s gonna find out who’s naughty or nice" … but is Santa doing so in compliance with the GDPR?

Sherif Malak | Shoosmiths, Sarah Moss | Shoosmiths5 min read

Data

New data bridge for UK-US data transfers to help firms

Data

Amazon France Logistique fined €32m for intrusive employee monitoring

Data

Santa Claus is coming to town, but is he GDPR compliant?

Latest News More on EU GDPR 

Further Reading

SME data protection guide Go to https://edpb.europa.eu/sme-data-protection-guide/faq-frequently-asked-questions_en White & Case guide to national implementation Go to https://www.whitecase.com/insight-our-thinking/gdpr-guide-national-implementation#foreword