GDPR comparison—accountability and governance [Archived]
Produced in partnership with White and Case
GDPR comparison—accountability and governance [Archived]

The following Information Law guidance note Produced in partnership with White and Case provides comprehensive and up to date legal information covering:

  • GDPR comparison—accountability and governance [Archived]
  • Key
  • Accountability and governance
  • Data Protection Impact Assessments
  • Data Protection Officers
  • Codes of Conduct
  • Seals and certifications

BREXIT: On 31 January 2020, the UK ceased to be an EU Member State and entered an implementation period, during which it continues to be subject to EU law. During this period, the GDPR applies in the UK and the UK generally continues to be treated as an EU (and EEA) state for EEA and UK data protection law purposes. Any references to EEA or EU states in this Practice Note should therefore be read to also include the UK until the end of the implementation period. For further guidance on that period, its duration and the data protection laws that are anticipated to apply after the end of it, see Practice Note: Brexit—implications for data protection.

ARCHIVED: This Practice Note is archived content and reflects the position prior to the General Data Protection Regulation becoming applicable. This Practice Note is for background information only and is not maintained.

The General Data Protection Regulation (EU) 2016/679 (the GDPR) was published in the Official Journal of the EU on 4 May 2016. It came into force on 24 May 2016. Consisting of 173 recitals and 99 articles over 11 chapters, the GDPR is much more comprehensive than its predecessor, Directive 95/46/EC (the Data Protection Directive).

The GDPR is directly applicable and fully enforceable in all EU Member States from 25 May 2018. The