The GDPR at a Glance 

A better understanding of the EU General Data Protection Regulation (GDPR) 

(Click on the icons below or scroll down the page and find the article you're looking for)

Introduction
The  main concepts to understand the GDPR  

 


What’s GDPR?
The General Data Protection Regulation (“GDPR”) is a European regulation applicable since May 25, 2018. It is aimed at strengthening ...
Read More


Does GDPR apply to your business?
The territorial scope of the new data protection regulation applicable from May 2018 (GDPR) is much wider than the one ...
Read More


Controller or Processor?
Under the General Data Protection Regulation (GDPR), any person (including organisations) handling personal data is subject to a different level ...
Read More


The Privacy Principles
Under the EU general data protection regulation (GDPR), any data processing activities must be compliant with six privacy principles, which ...
Read More


Data Protection by Design and by Default
Data Protection by design and by default are principles defined in article 25 of the General Data Protection Regulation (GDPR).  ...
Read More


The Legal Bases for Processing Personal Data
Under the General Data Protection Regulation (GDPR),  the controllers  must determine the legal basis for each purpose of data processing ...
Read More

Data Controller
A glimpse of what a data controller should be aware of

Privacy Policy and GDPR: What To Update
The General Data Protection Regulation (GDPR) requires organisations, processing personal data as controllers, to provide the data subjects (i.e. individuals ...
Read More


Controller’s obligations under the GDPR
Under the European General Data Protection Regulation  (GDPR), controllers (company or public authority using personal data for their purposes) are ...
Read More


Consent under the GDPR
Under the European General Data Protection Regulation (GDPR), consent is one of the legal bases upon which controllers may rely ...
Read More


Data Protection Impact Assessment (DPIA)
Under the General Gata Protection Regulation (GDPR), controllers must:  Keep a record of their processing activities (see here for more details); ...
Read More


Record of Processing Activities
Under the European General Data Protection Regulation (GDPR), organisations processing personal data must maintain a record of their processing activities (ROPA) ...
Read More


Personal Data Breach Notification
Under the General Data Protection Regulation (GDPR), controllers must notify: the competent authority of any personal data breach likely to ...
Read More

Data Processor
Check out the data processor's new responsibilities

Record of Processing Activities

Under the European General Data Protection Regulation (GDPR), organisations processing personal data must maintain a record of their processing activities (ROPA) ...
Read More


Processor’s Obligations Under the GDPR

Under the General Data Protection Regulation (GDPR), processors (i.e. organisations processing personal data on behalf of a third party) is subject to new ...
Read More

Individuals' rights
Overview and more detailed analysis of individuals' rights

GDPR : Employee’s right of access
The General Data Protection Regulation (GDPR) gives data subjects rights over their own personal data, including the right of access ...
Read More


Overview of the Individuals’ Rights Under the GDPR
Under the General Data Protection Regulation (GDPR), individuals have several rights over their personal data (i.e. right of access, right ...
Read More


Right to Data Portability
The right to data portability is the new individual’s right provided in article 20 (1) of the new data protection ...
Read More

Data Protection Officer (DPO)
Requirements, appointment, role etc.

When to Appoint a Data Protection Officer
The designation of a Data Protection Officer (DPO) is either mandatory or voluntary depending (i) on the kind of organisation, (ii) ...
Read More


Data Protection Officer’s Role and Responsibilities
Under the General Data Protection Regulation (GDPR), when an organisation must or choose to appoint a Data Protection Officer (see ...
Read More


Data Protection Officer: Appointment, Position and Skills
When an organisation appoints a Data Protection Officer whether on a voluntarily basis or because its processing activities meet the ...
Read More

Miscellaneous
For both controllers and processors

Cookies and other Trackers : How to Comply
Following the hundreds  of million fines imposed Amazon, Google and Facebook by the CNIL and other authorities relating to their ...
Read More


GDPR : International Data Transfers
Under the General Data Protection Regulation (GDPR), personal data transfer outside of the EEA (i.e. EU and Norway, Lichtenstein and ...
Read More


GDPR : Sanction (Administrative fine)
The General Data Protection Regulation (GDPR), applicable since May 2018, gives the European Data Protection Authorities, since then called the ...
Read More


One-Stop-Shop under the GDPR: how does that work?
Under the General Data Protection Regulation (GDPR), organisations which carry out a « cross border data processing » must appoint ...
Read More