The EU’s General Data Protection Regulation (GDPR)

Your guide to GDPR data collection and security requirements – from individual rights and protections, to enforcement and compliance

The far-reaching scope of the European Union’s (EU) GDPR means that organizations must generally adapt their data collection and processing practices if they wish to process the personal data of individuals in EU member states. Stay up to date on U.S. and international privacy and data security laws with trusted news, expert analysis, Practical Guidance, and time-saving practice tools – all part of Bloomberg Law’s comprehensive research solution.

Navigate GDPR data privacy requirements with confidence

Provide sound counsel to your clients or stakeholders on GDPR compliance with the latest news and analysis, Practical Guidance, and more from Bloomberg Law.


Comparing GDPR with Privacy Laws from California, Virginia, and Colorado

Download this informative look at the consumer data privacy laws changing business practices in the U.S.


Navigating Data Laws and AI Challenges

Watch our latest In-House Forum to hear important legislative and regulatory updates and insights for evaluating new technology and consumer data policies.


GDPR Program Compliance Checklist

Follow these 10 steps to establish and maintain a GDPR compliance program and avoid costly penalties.

GDPR compliance measures

The GDPR lists several technical and organizational measures that may be appropriate for helping organizations comply with the law’s data security requirements. These include:

  • The pseudonymization and encryption of personal data
  • The ability to ensure the ongoing confidentiality, integrity, availability, and resilience of processing systems and services
  • The ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident
  • A process for regularly testing, assessing, and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing

GDPR data protection impact assessments

The GDPR requires organizations to conduct a data protection impact assessment (DPIA) before processing data that poses a high risk to individual rights and freedoms. For example, a DPIA is required when a company is engaged in the following:

  • Conducting automated decision making, such as profiling, which may lead to the exclusion of or discrimination against individuals.
  • Processing sensitive personal data on a large scale.
  • Systematically monitoring a publicly accessible area on a large scale.
  • When data processing involves the use of new technologies or the novel application of existing technologies.

A DPIA isn’t a one-time exercise. Rather, DPIAs should be conducted regularly and whenever a new processing activity – especially one involving a new technology – is introduced.

What should be included in a data protection impact assessment?

According to Article 35 of the GDPR, a DPIA should include at least four essential aspects:

  1. A description of and the purpose for the processing.
  2. An assessment of the processing in relation to the purpose.
  3. Consideration of the risks to the rights and freedoms of the data subjects, as well as the measures planned to address the risks.
  4. Whether the measures include safeguards, security measures, and other mechanisms to protect personal data.

Track the latest GDPR developments with Bloomberg Law

The changing landscape of consumer data privacy laws and regulations across the globe can make it difficult to stay compliant across multiple jurisdictions. Save valuable time when you trust Bloomberg Law to tackle complex legal research and manage compliance risks with ease.

Watch the on-demand replay of our latest In-House Forum, Global Privacy Dynamics: Navigating Data Laws and AI Challenges, to hear important privacy issues facing in-house legal teams with legislative and regulatory updates and insights for evaluating new technology and consumer data policies.

Ready to get started? Request a demo to take a tour of Bloomberg Law and see our consumer data privacy resources in action.

Recommended for you

See Bloomberg Law in action

From live events to in-depth reports, discover singular thought leadership from Bloomberg Law. Our network of expert analysts is always on the case – so you can make yours. Request a demo to see it for yourself.