Skip to main content

GDPR - General Data Protection Regulation (EU)

Official Name

GDPR or the General Data Protection Regulation (EU) 2016/679

Details about the GDPR

The bill has been in effect since May 25, 2018. 

This regulation in EU law on data protection and privacy in the European Union (EU) and the European Economic Area (EEA) also addresses the transfer of personal data outside the EU and EEA areas. The GDPR's primary aim is to enhance the control and rights of individuals over their personal data and to simplify the regulatory environment for international business.

Unless a data subject has provided informed consent to data processing for one or more purposes, personal data may not be processed unless there is at least one legal basis to do so. Article 6 states the lawful purposes are:

  • (a) If the data subject has given consent to the processing of his or her personal data;
  • (b) To fulfill contractual obligations with a data subject, or for tasks at the request of a data subject who is in the process of entering into a contract;
  • (c) To comply with a data controller's legal obligations;
  • (d) To protect the vital interests of a data subject or another individual;
  • (e) To perform a task in the public interest or in official authority;
  • (f) For the legitimate interests of a data controller or a third party, unless these interests are overridden by interests of the data subject or her or his rights according to the Charter of Fundamental Rights (especially in the case of children).

Resources about the GDPR:

  • Official legislation here 
  • Article on our blog here
  • A legal perspective here