Regulatory framework

Copyright © 2025 LexisNexis

This subtopic contains an overview of the EU data protection and cybersecurity regulatory framework. It is aimed at lawyers who need a high level overview of the legal framework and key issues, and who are not specialised in data protection. For in-depth practical guidance on data protection, see the Information Law practice area (subject to subscription).

Data protection

Data protection law in the EEA (the EU plus Iceland, Norway, and Liechtenstein) is intended to ensure information about living individuals (within the definition of ‘personal data’) is used fairly and responsibly.

To help ensure that, data protection laws impose a large number of obligations on those ‘processing’ personal data (and on controllers of such processing) and grant rights to those whose personal data is processed (the ‘data subjects’). In summary, ‘processing’ includes doing almost anything with personal data, including storing, sharing, deleting or using it.

This part of the subtopic primarily addresses EEA data protection law, the General Data Protection Regulation, Regulation (EU) 2016/679 (EU GDPR), that apply to ‘general’ processing of personal data. The regime is referred to as ‘general’ since there are special regimes applicable

To view the latest version of this document and thousands of others like it, sign-in with LexisNexis or register for a free trial.

Existing user? Sign-in TAKE A FREE TRIAL
Powered by Lexis+®
Latest EU Law News

EBA report finds anti-money laundering and countering the financing of terrorism supervision of banks improving across EU/ EEA Member States

The European Banking Authority (EBA) has published its final report summarising the actions taken by all 40 competent authorities in response to its findings and recommendations on anti-money laundering and countering the financing of terrorism (AML/CFT) supervision in banks. The report finds that most authorities have made significant progress in adopting a risk-based approach, developing strategies, implementing targeted supervisory plans, and enhancing cooperation at both national and international levels. It highlights that many authorities have aligned their national practices with EBA standards, improving the consistency and effectiveness of AML/CFT supervision and using supervisory tools more strategically. However, some work remains to address outstanding recommendations.

Greek scientist wins damages award in key EU privacy case

MLex: A Greek scientist has won €50,000 in damages for mental distress and reputational harm after the European Anti-Fraud Office (OLAF) published a press release revealing her personal data and making it possible for any reader to identify her. The case has attracted attention on how it addresses a person that is identifiable under the EU data protection rules.

EU adopts regulation streamlining financial services reporting requirements

The European Parliament and Council have adopted Regulation (EU) 2025/… of 8 October 2025 amending Regulations (EU) No 1092/2010, (EU) No 1093/2010, (EU) No 1094/2010, (EU) No 1095/2010, (EU) No 806/2014, (EU) 2021/523 and (EU) 2024/1620 regarding reporting requirements in financial services and investment support (otherwise known as the Better Data Sharing Regulation). The regulation introduces new information sharing obligations between EU financial authorities including the European Supervisory Authorities (ESAs), European Systemic Risk Board (ESRB), Single Resolution Board (SRB), European Central Bank (ECB) and the Authority for Anti-Money Laundering and Countering the Financing of Terrorism (AMLA), implementing a 'report once' principle whereby authorities must request information from other authorities rather than directly from financial institutions where possible. The regulation requires European Supervisory Authorities (ESAs) to prepare a feasibility study for a cross-sectoral integrated reporting system within 60 months, establish a permanent single contact point for reporting duplicative requirements, and grants authorities discretionary powers to share anonymised information with researchers for innovation purposes. The regulation also changes InvestEU Programme reporting frequency from biannual to annual and mandates authorities to review and propose removal of redundant reporting requirements within 24 months.

ESCB renews Statements of Commitment to updated FX Global Code

The European System of Central Banks (ESCB) has renewed its Statements of Commitment to the FX Global Code following the Code's update in December 2024. All ESCB members, including the European Central Bank, have reaffirmed their commitment to adhere to the Code's principles when acting as foreign exchange market participants. The Code, first published in 2017, sets out global principles of good practice in the foreign exchange market and is intended to promote integrity, effective functioning and high ethical standards. The ESCB has encouraged all foreign exchange market participants within its jurisdictions to review the updated Code and renew their own Statements of Commitment to support its objectives.

View EU Law by content type :
News
Practice notes
Precedents
Q&As

Popular documents

Priority between loss reliefs in loss making companies

Priority between loss reliefs in loss making companiesWhy does it matter?A company that is a member of a group and has incurred any of the types of losses available for surrender by way of group relief may, without any further rules, have more than one way in which to use the loss. There are a

Late payment penalties—inheritance tax

Late payment penalties—inheritance taxWhile interest often accrues on overdue tax, the late payment of certain taxes may also attract a penalty. For information on the interest accruing on overdue tax, see Practice Notes: IHT—payment deadlines on death—Interest on IHT and Interest on late paid

If a beneficiary signs a deed of disclaimer of their share of an estate and the estate pays their legal

If a beneficiary signs a deed of disclaimer of their share of an estate and the estate pays their legal fees, will that count as a PET against their estate?A disclaimer is the refusal of a gift prior to acceptance. The refusal of the gift must take place before the beneficiary accepts any benefit

Strike out—making an application to strike out a statement of case

Strike out—making an application to strike out a statement of caseA strike out order can be made either following an application by the parties or on the court's own initiative. This Practice Note deals with the scenario of the order being made following a party's application.Making an application
Priority between loss reliefs in loss making companies

Priority between loss reliefs in loss making companies

Priority between loss reliefs in loss making companiesWhy does it matter?A company that is a member of a group and has incurred any of the types of losses available for surrender by way of group relief may, without any further rules, have more than one way in which to use the loss. There are a

Late payment penalties—inheritance tax

Late payment penalties—inheritance tax

Late payment penalties—inheritance taxWhile interest often accrues on overdue tax, the late payment of certain taxes may also attract a penalty. For information on the interest accruing on overdue tax, see Practice Notes: IHT—payment deadlines on death—Interest on IHT and Interest on late paid

If a beneficiary signs a deed of disclaimer of their share of an estate and the estate pays their legal

If a beneficiary signs a deed of disclaimer of their share of an estate and the estate pays their legal

If a beneficiary signs a deed of disclaimer of their share of an estate and the estate pays their legal fees, will that count as a PET against their estate?A disclaimer is the refusal of a gift prior to acceptance. The refusal of the gift must take place before the beneficiary accepts any benefit

Strike out—making an application to strike out a statement of case

Strike out—making an application to strike out a statement of case

Strike out—making an application to strike out a statement of caseA strike out order can be made either following an application by the parties or on the court's own initiative. This Practice Note deals with the scenario of the order being made following a party's application.Making an application