General Data Protection Regulation

Regulation (EU) 2016/679
European Union regulation
Text with EEA relevance
TitleRegulation on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (Data Protection Directive)
Made byEuropean Parliament and Council of the European Union
Journal referenceL119, 4 May 2016, p. 1–88
History
Date made14 April 2016
Implementation date25 May 2018
Preparative texts
Commission proposalCOM/2012/010 final – 2012/0010 (COD)
Other legislation
ReplacesData Protection Directive
Current legislation

The General Data Protection Regulation (Regulation (EU) 2016/679),[1] abbreviated GDPR, or French RGPD (for Règlement général sur la protection des données) is a European Union regulation on information privacy in the European Union (EU) and the European Economic Area (EEA). The GDPR is an important component of EU privacy law and human rights law, in particular Article 8(1) of the Charter of Fundamental Rights of the European Union. It also governs the transfer of personal data outside the EU and EEA. The GDPR's goals are to enhance individuals' control and rights over their personal information and to simplify the regulations for international business.[2] It supersedes the Data Protection Directive 95/46/EC and, among other things, simplifies the terminology.

The European Parliament and Council of the European Union adopted the GDPR on 14 April 2016, to become effective on 25 May 2018. As an EU regulation (instead of a directive), GDPR is directly applicable with force of law on its own without the need of transposition. However, it also provides flexibility for individual member states to modify (derogate from) some of its provisions.

As an example of the Brussels effect, the regulation became a model for many other laws around the world, including in Brazil, Japan, Singapore, South Africa, South Korea, Sri Lanka, and Thailand.[citation needed][3] After leaving the European Union the United Kingdom enacted its "UK GDPR", identical to the GDPR.[4] The California Consumer Privacy Act (CCPA), adopted on 28 June 2018, has many similarities with the GDPR.[5]

  1. ^ Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)
  2. ^ "Presidency of the Council: 'Compromise text. Several partial general approaches have been instrumental in converging views in Council on the proposal for a General Data Protection Regulation in its entirety. The text on the Regulation which the Presidency submits for approval as a General Approach appears in annex,' 201 pages, 11 June 2015, PDF". Archived from the original on 25 December 2015. Retrieved 30 December 2015.
  3. ^ Ryngaert, C & Taylor, M 2020, ‘The GDPR as Global Data Protection Regulation?’, AJIL unbound, vol. 114, pp. 5–9.
  4. ^ "The UK GDPR". Information Commissioner's Office ico. 28 June 2021. Retrieved 3 May 2024.
  5. ^ Francesca Lucarini, "The differences between the California Consumer Privacy Act and the GDPR" Archived 12 July 2020 at the Wayback Machine, Adviser