The General Data Protection Regulation (GDPR)
Produced in partnership with Fieldfisher LLP
The General Data Protection Regulation (GDPR)

The following Financial Services guidance note Produced in partnership with Fieldfisher LLP provides comprehensive and up to date legal information covering:

  • The General Data Protection Regulation (GDPR)
  • Conceptual changes
  • Material scope
  • Territorial scope
  • Personal data and special categories of personal data
  • Pseudonymous and anonymous data
  • Mixed datasets
  • Controllers
  • Processors and related contract terms
  • Rights of the data subject
  • more

Brexit: On 31 January 2020, the UK ceased to be an EU Member State and entered an implementation period, during which it continues to be subject to EU law. During this period, the GDPR applies in the UK and the UK generally continues to be treated as an EU (and EEA) state for EEA and UK data protection law purposes. Any references to EEA or EU states in this Practice Note should therefore be read to also include the UK until the end of the implementation period. For further guidance on that period, its duration and the data protection laws that are anticipated to apply after the end of it, see Practice Note: Brexit—implications for data protection.

After four years of negotiation, amendments and drafting Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, (the General Data Protection Regulation) (the GDPR) was published in the Official Journal of the EU on 4 May 2016. It came into force on 24 May 2016 and directly applicable and enforceable in all EU Member States on 25 May 2018.

At a glance, the format of the GDPR shows how much more comprehensive this