The Union
Codex.
Regulation (EU) 2016/679 - The General Data Protection Regulation. The gold standard of global privacy law since May 2018.
The 7 Principles
Lawfulness, Fairness, Transparency
Art. 5(1)(a)Purpose Limitation
Art. 5(1)(b)Data Minimization
Art. 5(1)(c)Accuracy
Art. 5(1)(d)Storage Limitation
Art. 5(1)(e)Integrity & Confidentiality
Art. 5(1)(f)Accountability
Art. 5(2)Data Subject Rights
Right to Access
Right to obtain confirmation and access to personal data
Right to Rectification
Right to have inaccurate data corrected
Right to Erasure
Right to be forgotten under certain conditions
Right to Restriction
Right to restrict processing in specific scenarios
Right to Portability
Right to receive data in machine-readable format
Right to Object
Right to object to processing including profiling
Cross-Border Transfers
GDPR restricts transfers of personal data to third countries unless adequate protection is ensured. This creates the global "Brussels Effect" where non-EU entities must align with EU standards.
View Adequacy Matrix →Adequacy Decision
Art. 45Commission-recognized adequate protection
Standard Contractual Clauses
Art. 46(2)(c)Commission-adopted contractual safeguards
Binding Corporate Rules
Art. 47Intra-group transfer rules approved by SA
Derogations
Art. 49Explicit consent, contract performance, etc.
Member States
Germany
BfDI
Employee Data
France
CNIL
Cookie Consent
Italy
Garante
Marketing
Spain
AEPD
Sandbox Host
Netherlands
AP
Digital Services
Ireland
DPC
Big Tech Hub
Explore GDPR In Depth
Access our comprehensive article-by-article analysis of Regulation (EU) 2016/679.
GDPR Deep Dive →