IN THIS CHAPTER

Taking a look at data protection laws

Taking the most important actions — now

Recognizing what happens when you don’t comply

Gaining a competitive advantage by way of compliance

The General Data Protection Regulation (GDPR), which came into effect on May 25, 2018, is the successor to the European Union's Data Protection Directive [of] 1995 (Directive 95/46/EC).

One aim of the GDPR was to harmonize data protection laws across Europe — so its legal form is a regulation (an order that must be executed) as opposed to a directive (a result to achieve, though the means to achieve aren’t dictated). Unlike a directive, when the European Union (EU) enacts a regulation, it becomes national legislation in each EU member state, with member states having no opportunity to change it via national legislation.

However, EU member states are permitted to make certain derogations (a fancy term for exemptions) from the GDPR (such as in the case of the need to uphold a country’s security), so data protection laws across ...