FAQ

← Back to FAQ index

Personal Data Protection in Europe: What Laws Regulate It?

Personal data protection in Europe is primarily regulated by the General Data Protection Regulation (GDPR), which came into effect on May 25, 2018. This comprehensive regulation applies to all EU member states and creates a unified framework for data protection across the European Union.

Key Legislation:

GDPR (General Data Protection Regulation)

  • The cornerstone of European data protection law
  • Applies to any organization processing personal data of EU residents, regardless of where the organization is located
  • Establishes strict rules for data collection, processing, storage, and transfer
  • Grants individuals significant rights over their personal data

ePrivacy Directive (Cookie Law)

  • Complements GDPR by focusing specifically on electronic communications
  • Regulates cookies, tracking technologies, and direct marketing
  • Currently being updated as the ePrivacy Regulation

National Data Protection Laws

  • Each EU member state has its own data protection authority and may have additional national legislation
  • These laws work alongside GDPR to provide comprehensive protection

Individual Rights Under GDPR:

  • Right to information and access
  • Right to rectification (correction)
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing
  • Rights related to automated decision-making

Penalties:

Organizations that violate GDPR can face fines of up to €20 million or 4% of their annual global turnover, whichever is higher.

← Back to FAQ index

Other questions

How difficult is it to set up a cookie banner?
Do all cookies require user consent?
What reference should be included in the privacy policy regarding the use of Google Fonts?
What are the penalties for violating personal data usage regulations?
Do I Need a Cookie Policy on My Website?
What is integrated data protection (Privacy by Design)?