An Introduction to the EU General Data Protection Regulation (GDPR)
The current legal landscape for data privacy in the European Union is fragmented, causing confusion for businesses and individuals. This will drastically change when a new European data protection law comes into force in May 2018. The reform will be the strictest data protection law in the world, potentially impacting every company operating within the EU – even those without a physical presence there.

The existing Directive 95/46/EC came into force in 1995, at a time when less than 1% of Europeans had access to the Internet and concerns about online privacy were largely the stuff of science fiction. Since then, the Internet has evolved dramatically, generating data volumes most people could never have imagined (we now measure in zettabytes). The way this data is collected, stored, and used has fundamentally changed, but the same outdated data protection rules applied.
What is GDPR?
The General Data Protection Regulation (GDPR) harmonizes data protection laws across the EU to fit the digital age. By introducing a single legal framework, the EU believes it will enhance transparency, protect individual rights, and foster the growth of the digital economy.
GDPR places new obligations on companies, government agencies, nonprofits, and other organizations that offer goods and services to individuals in the EU or collect and analyze data tied to EU residents. Even organizations outside Europe must comply with the rules or face significant penalties.
The main objective of GDPR is to give citizens control over their personal data. From an economic perspective, GDPR aims to simplify the regulatory environment for international business by unifying regulation within the EU.
Since GDPR is a regulation rather than a directive, it is directly applicable in all EU member states as of May 2018. Unlike a directive, which only instructs member states to achieve certain results, a regulation is enforceable as law.
Why does the EU want this law?
The EU considers the regulation a critical step in strengthening citizens’ fundamental rights in the digital age and easing business operations by streamlining rules for companies in the digital single market. A single law will also eliminate current fragmentation and reduce costly administrative burdens, leading to estimated annual savings of around €2.3 billion for companies.
One uniform law will end the confusing situation where 28 different member states each have their own rules. While GDPR is strict, compliance will allow companies to confidently conduct business throughout the EU and is expected to substantially cut administrative costs.
Non-compliant organizations can face fines of up to €20 million or 4% of annual revenue—whichever is higher. These penalties are severe and can significantly impact companies of any size. This underscores the importance of implementing major operational reforms to meet requirements.
To be continued…
European legislation is inherently complex because 28 very different countries must agree on the final text. It is remarkable that such a strict regulation has been adopted. The weight of GDPR should not be underestimated, which is why we plan to dedicate more articles to this crucial topic in the future.
Weitere BlogsMore BlogsMeer blogs



