GDPR (General Data Protection Regulation) is a European Union-driven regulation (specifically the European Parliament, the Council of the European Union and the European Commission) that will strengthen data protection laws throughout the EU. Notably, it will also make provisions for data that is sent outside the EU.
It takes effect from 25th May 2018 and aims to simplify and unify data protection legislation across member states, making it easier for organisations to comply when doing business internationally.
- 25th January 2012: GDPR was first proposed, with a goal of formal adoption in 2016.
- 21st October 2013: Orientation vote held by the European Parliament Committee on Civil Liberties, Justice and Home Affairs.
- 15th December 2015: A joint proposal results from negotiations between the European Parliament, Council and Commission.
- 17th December 2015: European Parliament's LIBE Committee vote in favour of the GDPR proposal
- 8th April 2016: The proposal was adopted by the council of the European Union.
- 14th April 2016: The proposal was adopted by the European Parliament.
- 4th May 2016: GDPR published in the EU Official Journal.
- 24th May 2016: The regulation comes into force (20 days after publication).
- 25th May 2018: Two years after coming into force, GDPR takes full affect and its provisions will apply to all EU member states.
This grace period of two years allows businesses time to ensure that they comply with the new legislation.