General Data Protection Regulation (GDPR)
Initiative
Official name
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation - GDPR)
Type
Regulation
Level 1
Initiator
EU
Submitted
25.01.2012
Doc. code
2016/679
Summary
Status
Status
Get a subscription to have access to the whole content.
Current version
Final version
Next step
Entry into force and application
Entry into force
Get a subscription to have access to the whole content.
Application date
Get a subscription to have access to the whole content.
Scope
Relevant for
Get a subscription to have access to the whole content.
Associated initiatives
Level 1
Privacy and Electronic Communications (ePrivacy - Regulation)
(binding, Main version, EU)
Second law on implementation of EU data protection legislation
(binding, Amendment, DE)
Protection of individuals with regard to the processing of personal data by competent authorities
(non-binding, Main version, EU)
Adoption and implementation of the data protection law (DSAnpUG-EU) and federal data protection law (BDSG)
(binding, Main version, DE)
Level 2
Standard contractual clauses (SCCs) for transferring personal data to non-EU countries
(binding, Supplement, EU)
EU-U.S. Data Privacy Framework
(binding, Supplement, Main version, EU)
Standard contractual clauses (SCCs) between controllers & processors located in the EU
(binding, Supplement, EU)
Adequate protection of personal data by the UK according to GDPR
(binding, Supplement, EU)
Level 3 / Other
Guidelines on processing of personal data through video devices
(binding, Supplement, EU)
Guidelines on the processing of personal data in the context of the provision of online services to data subjects
(binding, Supplement, EU)
Guidelines on Codes of Conduct and Monitoring Bodies under GDPR
(non-binding, EU)
Guidelines on the accreditation of certification bodies under GDPR
(non-binding, EU)
Guidelines on the territorial scope of the GDPR
(binding, EU)
Guidelineson derogations of Article 49 under GDPR
(binding, EU)
Guidelines on certification and identifying certification criteria in accordance with Articles 42 and 43 GDPR
(binding, Supplement, EU)
Data Protection by Design and by Default
(binding, Supplement, EU)
Guidelines for transfers of personal data between EEA and non-EEA public authorities and bodies under GDPR
(non-binding, EU)
Guidelines on the interplay of PSD2 and GDPR
(binding, Supplement, EU)
Guidelines on the concepts of controller and processor in the GDPR
(binding, Supplement, EU)
Guidelines on the targeting of social media users
(binding, Supplement, EU)
Statement on the end of the Brexit transition period
(non-binding, EU)
Data protection regarding virtual voice assistants
(non-binding, EU)
Opinion on the protection of personal data in the UK according to GDPR
(non-binding, EU)
Codes of conduct as tools for transfers
(binding, EU)
Restrictions under Article 23 GDPR
(non-binding, Supplement, EU)
Guidelines on data subject rights - Right of access
(binding, EU)
Calculation of administrative fines under the GDPR
(non-binding, EU)
Harmonization of GDPR implementation at EU level
(non-binding, EU)
New EDPB-Recommendations on Controller Binding Corporate Rules (BCR)
(non-binding, EU)
Joint Guide to ASEAN Model Contractual Clauses and EU Standard Contractual Clauses
(non-binding, EU)
Report on the position of data protection officers in the context of the General Data Protection Regulation (GDPR)
(non-binding, EU)
Report from the EU Commission on the functioning of the EU-US data protection framework (1st review 2024)
(non-binding, EU)
Guidelines on the processing of personal data in accordance with Article 6 of the GDPR
(non-binding, EU)
Source: EU, 2016/679, 2016