What is GDPR?

An overview of the GDPR Regulation

The General Data Protection Regulation (GDPR), which comes into force on the 25th of May 2018, is a regulation by which the European Parliament, the European Council and the European Commission intend to strengthen and unify data protection for individuals within the EU. 

The two stated main objectives are to give citizens back control of their personal data and to simplify the regulatory environment for international business. The GDPR also addresses the export of personal data outside the EU. This means that if a company based outside the EU processes personally identifiable information of European residents, the Regulation still applies to it.



Which companies are affected by the GDPR?

To summarize, GDPR has a wide reach and is applicable to:

  • Organizations operating within the EU who are processing customer data
  • Organizations outside the EU that offer goods or services to individuals in the EU
  • Organizations with EU employees

The GDPR supersedes all previous national legislation relating to data privacy, even in the case of the UK, which confirmed its intention to abide by it. Although the GDPR introduces a number of important features to the data privacy space, its most surprising aspect is the extraordinary financial penalties reserved for noncompliant businesses. At the top of the range, serious offenders can expect fines equivalent to 4% of their annual global revenue or €20 million, whichever sum is greater.

