EU GDPR regime

Copyright © 2025 LexisNexis

Data protection law in the EEA (the EU plus Iceland, Norway, and Liechtenstein) is intended to ensure information about living individuals (within the definition of ‘personal data’) is used fairly and responsibly.

To help ensure that, data protection laws impose a large number of obligations on those ‘processing’ personal data (and on controllers of such processing) and grant rights to those whose personal data is processed (the ‘data subjects’). In summary, ‘processing’ includes doing almost anything with personal data, including storing, sharing, deleting or using it.

This subtopic addresses EEA data protection law, the General Data Protection Regulation, Regulation (EU) 2016/679 (EU GDPR) and its key features at a supranational level. The regime is referred to as ‘general’ since there are special regimes applicable to the processing of personal data in niche areas, such as law enforcement processing and processing by the intelligence services, that are unlikely to be relevant to most organisations. Individual EEA states may exercise a number of national derogations and other discretions to put in place various additional or alternative data protection laws and the various supervisory authorities in each state may

To view the latest version of this document and thousands of others like it, sign-in with LexisNexis or register for a free trial.

Existing user? Sign-in TAKE A FREE TRIAL
Powered by Lexis+®
Latest EU Law News

Opera’s Edge dispute raises key question: Who can challenge EU DMA decisions?

MLex: Web browser Opera's challenge to the European Commission over its refusal to designate Microsoft's Edge as a digital 'gatekeeper' was heard in court this week. It delved into the thorny question of who can challenge the regulator's Digital Markets Act decisions: The law doesn't specify any official status for third parties, despite the commission relying on them to inform its decisions. The outcome of the appeal will be significant for companies that operate in the shadows of the biggest platforms.

EU Commission eyes changes to how AI law covers sector regulated products

MLex: The European Commission is considering changes to how products regulated under EU sectoral product safety laws are covered by the EU’s AI law as part of its wider drive to streamline digital regulations, MLex has learned. The move, which is being considered as part of a digital ‘omnibus’ package due 19 November 2025, could ease obligations for sectors such as medical devices and industrial machinery.

EBA publishes CRR final draft RTS on CVA risk of securities financing transactions

The European Banking Authority (EBA) has published its final draft regulatory technical standards (RTS) made under ​Article 382(6) of the Capital Requirements Regulation (Regulation (EU) No 575/2013) (CRR) specifying the conditions and criteria for assessing whether credit valuation adjustment (CVA) risk exposures arising from fair-valued securities financing transactions (SFTs) are material. The RTS also define the frequency of this assessment.

Commission establishes Digital Commons European Digital Infrastructure Consortium

The European Commission has adopted a decision establishing the Digital Commons European Digital Infrastructure Consortium (DC-EDIC), a new legal instrument enabling Member States to jointly develop, deploy and operate cross-border digital infrastructures with dedicated governance and legal personality. DC-EDIC will have its statutory seat in Paris, with France, Germany, the Netherlands and Italy as founding members, while other Member States may join under fair and reasonable terms. The consortium's governance structure comprises an Assembly of Members, a Director for day-to-day management, and an Advisory Board for strategic orientations. Legal requirements include GDPR-compliant data practices with arrangements for investigating security breaches, default release of jointly developed software under Free and Open-Source licences, and procurement following non-discrimination principles. The consortium is scheduled for official launch in December 2025, with planned milestones including recruitment of the Director and founding team, launch of a DEP support project, and delivery by 2027 of a One-Stop-Shop and Expertise Hub, Digital Commons Forum and Award, and an annual State of the Digital Commons report.

View EU Law by content type :
News
Practice notes
Precedents
Q&As

Popular documents

Priority between loss reliefs in loss making companies

Priority between loss reliefs in loss making companiesWhy does it matter?A company that is a member of a group and has incurred any of the types of losses available for surrender by way of group relief may, without any further rules, have more than one way in which to use the loss. There are a

Can shares in a limited company that have not been paid-up at all be cancelled?

Can shares in a limited company that have not been paid-up at all be cancelled?A limited company having a share capital may not alter that share capital, except in the ways listed in section 617 of the Companies Act 2006 (CA 2006). Shares in a company cannot simply be cancelled without following an

Glossary—Latin legal terms

Glossary—Latin legal termsDespite attempts in recent years to simplify the language used in legal cases, there are still a number of Latin phrases commonly used in personal injury claims. The following Latin phrases are listed in alphabetical order:Latin

Template for regulatory references given by SMCR firms and disclosure requirements

Template for regulatory references given by SMCR firms and disclosure requirements[Insert addressee details]Dear [insert name][It is our understanding that [insert name of prospective employee] [was an employee of yours between the dates of [insert dates as appropriate] OR is a current employee of
Priority between loss reliefs in loss making companies

Priority between loss reliefs in loss making companies

Priority between loss reliefs in loss making companiesWhy does it matter?A company that is a member of a group and has incurred any of the types of losses available for surrender by way of group relief may, without any further rules, have more than one way in which to use the loss. There are a

Can shares in a limited company that have not been paid-up at all be cancelled?

Can shares in a limited company that have not been paid-up at all be cancelled?

Can shares in a limited company that have not been paid-up at all be cancelled?A limited company having a share capital may not alter that share capital, except in the ways listed in section 617 of the Companies Act 2006 (CA 2006). Shares in a company cannot simply be cancelled without following an

Glossary—Latin legal terms

Glossary—Latin legal terms

Glossary—Latin legal termsDespite attempts in recent years to simplify the language used in legal cases, there are still a number of Latin phrases commonly used in personal injury claims. The following Latin phrases are listed in alphabetical order:Latin

Template for regulatory references given by SMCR firms and disclosure requirements

Template for regulatory references given by SMCR firms and disclosure requirements

Template for regulatory references given by SMCR firms and disclosure requirements[Insert addressee details]Dear [insert name][It is our understanding that [insert name of prospective employee] [was an employee of yours between the dates of [insert dates as appropriate] OR is a current employee of