Skip to main content

Overview

FieldValue
CELEX32016R0679
StatusActive
Articles99
Recitals173
EUR-LexView Official Text

Compliance Deadlines

DateTypeDescription
2016-05-24Entry into forceRegulation enters into force
2018-05-25Full applicationFull application of all requirements

Stakeholder Roles

The GDPR defines obligations for the following stakeholder roles:
  • manufacturer - Developers of data processing systems and tools
  • importer - Entities bringing data processing services into the EU
  • distributor - Processors making data services available
  • authorized_representative - EU representatives for non-EU controllers/processors
  • notified_body - Certification bodies for data protection
  • market_surveillance - Supervisory authorities (DPAs)
  • consumer - Data subjects (natural persons)

Requirement Types

Requirements in the GDPR are classified as:
  • obligation - Mandatory data protection requirements
  • prohibition - Processing activities that are forbidden
  • right - Data subject rights (access, rectification, erasure, etc.)
  • procedure - Procedures for compliance and breach notification
  • general - General provisions and definitions

API Usage

Key Topics

  • Lawful basis for processing
  • Data subject rights (access, rectification, erasure, portability, objection)
  • Controller and processor obligations
  • Data protection impact assessments
  • Breach notification requirements
  • International data transfers
  • Administrative fines and penalties