A guide to the General Data Protection Regulation [Updated for 2019]

For in-house lawyers, Data Protection Officers, and specialists in compliance and privacy protection

On 4 May 2016, the text of the General Data Protection Regulation (GDPR) was published in the Official Journal of the European Union, concluding over four years of intensive legislative work on a new data protection legal framework for Europe.

The GDPR became effective on 25 May 2018 when it replaced the existing EC Data Protection Directive (EC/95/46) (Directive), bringing new legal rights for individuals, extending the scope of responsibilities for data controllers and processors and enhancing the regime for enforcement to include the risk of fines at up to 4% of an organisation's worldwide annual turnover.

DLA Piper have designed this Guide to provide in-house lawyers, Data Protection Officers and others dealing with privacy compliance issues on a day-to-day basis with an easy-reference manual to the GDPR.

The Guide presents an outline of each section of the GDPR, highlighting the key areas of reform and giving practical pointers about the tasks to take to support compliance, in six sections:

  • Key facts about the GDPR Scope
  • Fair processing and individual rights
  • Accountability within the organisation
  • Managing external flows of data
  • Working with supervisory authorities

For ease of reference, headings within each section in the Guide are colour coded to show the degree of change from the previous regulatory regime:

  • gray denotes a requirement that was largely unchanged
  • dark blue denotes a slightly modified regulatory position
  • red denotes an entirely new, or substantially modified regulatory requirement

Each section also provides a clear cross-reference to the relevant Article within the GDPR, which we suggest you consult for the authoritative legal position on any particular matter.