---
title: "EU GDPR"
url: "https://prighter.com/resources/regulations/eu-gdpr"
type: "regulation"
date: "2026-05-20T09:01:29.831Z"
---

# EU GDPR

The EU General Data Protection Regulation (GDPR) is one of the most comprehensive data privacy laws in the world. It came into effect in 2018 and has since become the global gold standard for data protection — inspiring regulations around the world.

The GDPR has extra-territorial scope meaning that it applies also to organisations outside of Europe. If a company does not have an establishment in Europe but targets the EU market or monitors EU data subjects, it falls under the scope of the GDPR. In addition to all other obligations under the GDPR such organisations are required to appoint a representative to act on their behalf as the addressee for authorities and data subjects.

One of the GDPR's core objectives is to give individuals more control over how their personal data is processed. This is reflected in a wide range of data subject rights, including the right to access, rectification, erasure (the "right to be forgotten"), restriction of processing, data portability, and the right to object. Organizations must provide transparent information about data processing and respond to these rights promptly, usually within one month.

The GDPR also imposes strict obligations on organizations to ensure data is processed lawfully, fairly, and securely. Controllers and processors must implement appropriate technical and organizational measures, maintain detailed records of processing activities, and conduct Data Protection Impact Assessments (DPIAs) for high-risk processing. Appointing a Data Protection Officer (DPO) is required in certain cases to ensure ongoing compliance and oversight.

A critical aspect of GDPR compliance is the requirement to report personal data breaches. Organizations must notify the relevant supervisory authority within 72 hours of becoming aware of a breach, unless it’s unlikely to pose a risk to individuals’ rights and freedoms. If the breach is likely to result in high risk, affected data subjects must also be informed. These obligations highlight the GDPR’s focus on accountability, transparency, and the protection of individual privacy.

## Full name of the law

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)

## Application or Transposition date

25 May 2018

## Articles

- [GDPR in Practice: Key Insights and Recommendations from the FRA's Latest Report](https://prighter.com/resources/fra-report-gdpr-in-practice)
- [GDPR Compliance in AI: Essential Tips from CNIL's Latest Guidance](https://prighter.com/resources/cnil-gdpr-ai-guidelines)
- [New Criteria for GDPR Fines Determined by the CJEU](https://prighter.com/resources/eu-court-gdpr-fines-updates-compliance)
- [Insightful CJEU Ruling Sheds Light on GDPR's Scope in Data Identifiability](https://prighter.com/resources/cjeu-ruling-gdpr-scope-vehicle-data-identifiability)

## Legal texts

- [EU GDPR Legal Text](https://prighter.com/resources/laws/gdpr)

## Products

- [EU GDPR Representation](https://prighter.com/privacy-representation/eu-gdpr)

## Sitemap

- Site map (Markdown): https://prighter.com/sitemap.md
- LLMs index: https://prighter.com/llms.txt
