The General Data Protection Regulation (GDPR) (Regulation (European Union) 2016/679) was adopted on 27 April 2016. It took effect on 25 May 2018.

The regulation is approved by the European Parliament, the Council of the European Union and the European Commission. It protects people's personal data throughout the European Union (EU). The decree also affects data exports from the EU.^{[1] [2]}

The GDPR is aimed at giving citizens control over their personal data. It simplifies regulations for economic relations with other countries by making the EU procedures standardised. The GDPR replaces the Data Protection Directive of 1995. The new GDPR law doesn't need any changes in local laws within the EU. The regulation is binding.^[3]

^[2]

Rules enforced

The General Data Protection Regulation enforces rules that protect people against a wide variety of privacy issues. It gives the right for people to lawfully agree with companies to use their private information. It gives the right for people to have their private information no longer accessible by a company. Users have the right to allow their private information to become public or not. The regulation also makes sure that no personal data is processed unless the user has allowed the processor of personal data to do so. Cite error: Invalid <ref> tag; refs with no name must have content

Timeline

• 25 January 2012: The proposal^[4] for the GDPR was released.
• 21 October 2013: The European Parliament Committee on Civil Liberties, Justice and Home Affairs vote for whether GDPR should become the new regulation for people in Europe.
• 15 December 2015: The European Parliament, Council and Commission (Formal Trilogue meeting) discuss the General Data Protection Regulation. On that day, the GDPR has resulted in a joint proposal.
• 17 December 2015: The European Parliament's LIBE Committee voted for the negotiations between the three parties.
• 8 April 2016: The General Data Protection Regulation was adopted by the European Union.^[5] The only member state voting against was Austria, which argued that several aspects of the new regulation are not satisfactory when compared to the Data Protection Directive.^[6][7]
• 14 April 2016: The General Data Protection Regulation was adopted by the European Parliament, replacing the Data Protection Directive that they previously used.^[8]
• 24 May 2016: The General Data Protection Regulation started to be used around the world, but was not yet fully enforced. This is 20 days after the General Data Protection Regulation was published by the Official Journal of the European Union.^[9]
• 25 May 2018: The General Data Protection Regulation becomes fully enforced around the world. .^[9]
• July/August 2018: GDPR will be enforced in Iceland, Liechtenstein, and Norway. These three countries have joined the EEA Joint Committee, as they all agreed to follow the regulation.^[10]