GDPR

The General Data Protection Regulation (Regulation (EU) 2016/679, GDPR) is the European Union's comprehensive data protection framework. It entered into force on 24 May 2016 and has been directly applicable in all EU member states since 25 May 2018.

Scope

The GDPR applies to all organisations that process personal data of individuals in the EU, regardless of where the organisation is based. It covers both data controllers and data processors.

Key Principles

• Lawfulness, fairness, and transparency of processing
• Purpose limitation and data minimisation
• Rights of data subjects (access, rectification, erasure, portability)
• Data protection by design and by default
• Mandatory data breach notification within 72 hours
• Accountability and record-keeping obligations

Articles

Browse the full text of the regulation article by article using the table of contents on the left.