What You Need to Know About the European Union’s General Data Protection Regulation (GDPR)


The European Union’s General Data Protection Regulation (GDPR) was enacted into law on May 24, 2016, and goes into effect on May 25, 2018. GDPR governs the processing of personal data by controllers and processors. For businesses based outside of the European Union (EU), the GDPR applies when the business offers goods and services to data subjects in the EU, monitors data subjects’ behavior taking place within the EU, has a legal entity established in the EU, has representatives or equipment located in the EU, or has an EU mailing address. Baker Donelson’s GDPR team works with clients to provide guidance on how to prepare for compliance with GDPR. We also partner with firms in the EU through our international legal network, TerraLex, who also have extensive experience with GDPR and local EU Member State law.

Who Does This Affect? All companies that process personal data of data subjects in the EU or that conduct business in the EU, regardless of their home country.

Why Should You Care? GDPR mandates accountability and demonstration of compliance. Large monetary fines of up to €20 million or four percent of global revenues may be imposed on companies for noncompliance.

Who Enforces GDPR Compliance? Data protection authorities in EU Member States. Data subjects also have a right to seek judicial remedies, including damages.


Courtesy of Baker Donelson. Visit the web page to learn more and for links to helpful documents and webinars.