EU General Data Protection Regulation

Understand the GDPR — in plain English.

The clearest guide to Europe's data-protection law: the key changes, every article explained, FAQs, the latest enforcement — and data-protection lawyers when you need to act.

Explore the GDPR Talk to a lawyer
99
Articles in the Regulation
€20M
or 4% of global turnover — max fine
27
EU member states covered
2018
Enforceable since 25 May
Overview

What is the GDPR?

The EU General Data Protection Regulation is the most important change in data-privacy law in two decades.

The GDPR replaced the 1995 Data Protection Directive to harmonise privacy law across Europe, give individuals real control over their personal data, and reshape how organisations everywhere handle it.

Approved in April 2016, it became enforceable on 25 May 2018. It applies to any organisation — anywhere in the world — that processes the personal data of people in the EU.

Read the key changes Browse the FAQs

Watch: GDPR explained in plain English

Video
The Resource Center

Everything you need to understand the regulation

From the headline changes to a summary of all 99 articles — start anywhere.

Resource center
The Regulation

GDPR Key Changes

An overview of the main changes under the GDPR and how they differ from the previous directive.

8 min read
Frequently Asked Questions

GDPR FAQs

Frequently asked questions about the General Data Protection Regulation.

7 min read
The Regulation

GDPR Article Summaries

A summary of the articles contained in the GDPR — the protection of individuals with regard to the processing of personal data and the free movement of such data.

6 min read
The Process

The European Legislative Process

The ordinary legislative procedure as it relates to privacy and data protection legislation.

7 min read
The Process

GDPR Timeline of Events

An overview of key GDPR events from proposal, amendment, approval and adoption to enforcement.

4 min read
The Process

How Did We Get Here?

An overview of the important regulatory events leading up to the GDPR.

8 min read
The Regulation

Controversial Topics

An overview of the topics most likely debated during the Trilogue negotiations, including the stance of each EU body from their respective adopted drafts of the GDPR.

7 min read
Resources

More GDPR Resources

Useful links to official texts, overviews and analysis on all things GDPR.

3 min read
For individuals

Your rights, at a glance

The GDPR gives every person in the EU enforceable rights over their personal data.

Right to access

Obtain confirmation and a free copy of the personal data held about you.

Right to rectification

Have inaccurate or incomplete personal data corrected without delay.

Right to erasure

The 'right to be forgotten' — have your data deleted in defined cases.

Data portability

Receive your data in a machine-readable format and move it elsewhere.

Right to object

Object to processing, including profiling and direct marketing.

Restrict processing

Limit how your data is used while a concern is investigated.

See how each right works
Latest Updates

GDPR is still moving

Record fines, new transfer rules and the EU AI Act keep reshaping compliance. Stay current.

All updates
Enforcement20 January 2026
€6.5bn+

GDPR fines pass €6.5 billion as enforcement matures

Nearly eight years in, total GDPR penalties imposed across the EEA have climbed past €6.5 billion. Enforcement has shifted from headline one-offs to sustained scrutiny of adtech, AI training data and international transfers.

Read briefing
Legislation10 November 2025

New rules to streamline cross-border 'one-stop-shop' enforcement

EU lawmakers agreed a GDPR Procedural Regulation to harmonise how cross-border cases are handled between national regulators — targeting the delays and disputes that have dogged the one-stop-shop mechanism.

Read briefing
Enforcement2 May 2025
€530m

TikTok fined €530 million over data transfers to China

Following an earlier €345 million fine over children's data, Ireland's regulator penalised TikTok €530 million for failing to guarantee that European users' data sent to China received protection essentially equivalent to the EU's.

Read briefing
Technology1 August 2024

The EU AI Act enters into force — and it runs on top of the GDPR

The world's first comprehensive AI law took effect on 1 August 2024, phasing in through 2026. It does not replace the GDPR — it layers on top of it, with personal data fuelling most AI systems in scope.

Read briefing
Insights

Practical guidance from our lawyers

Plain-English how-tos on compliance, data-subject requests, transfers and breach response.

All insights
Data Protection & GDPR12 February 2026

The GDPR Compliance Checklist for 2026: A Practical 12-Step Guide

Compliance is not a one-off project — it is an ongoing posture. Here are the twelve things every organisation should have in place, refreshed for the AI era.

Read more
Data Protection & GDPR15 January 2026

Data Subject Access Requests: How to Respond Without Getting Burned

A single email can trigger a one-month legal clock. Here is how to handle a Data Subject Access Request properly — and the traps that turn a routine request into a complaint.

Read more
Data Protection & GDPR28 November 2025

International Data Transfers After the EU–US Data Privacy Framework

The Data Privacy Framework reopened the transatlantic data route — but it did not make transfer risk disappear. Here is how to move personal data out of the EU safely in 2026.

Read more

Have a data-protection question?

Whether you are mapping data, facing a request, or responding to a breach — tell us what you need and we'll point you to the right specialist.

Request a consultation info@iswlegal.com

Quick links