The General Data Protection Regulation, or GDPR, is fundamentally about protecting and enabling the privacy rights of individuals. The GDPR establishes strict global privacy requirements governing how you manage and protect personal data while respecting individual choice—no matter where data is sent, processed, or stored.


GDPR is a new privacy regulation across the EU and it provides individuals with more control over their personal data, ensures transparency about the use of data, and requires security and controls to protect data. GDPR compliance is not a one-time activity, but is an ongoing process.


The GDPR takes effect on May 25, 2018. It will replace the existing Data Protection Directive (Directive 95/46/EC), which has been in force since 1995.


The law imposes new rules on companies, government agencies, non-profits, and other organizations that offer goods and services to people in the EU and EES or that collect and analyze data tied to EU/EES residents—and it applies no matter where they are in the world.

Last updated: 5/28/2018