Select your language

bgбългарски
esespañol
csčeština
dadansk
deDeutsch
eteesti
elελληνικά
enEnglish
frfrançais
gaGaeilge
hrhrvatski
ititaliano
lvlatviešu
ltlietuvių
humagyar
mtMalti
nlNederlands
plpolski
ptportuguês
roromână
skslovenčina
slslovenščina
fisuomi
svsvenska

Search

Home
Law
Law by topic
Data protection
Reform of EU data protection rules
Rules for business and organisations

Rules for business and organisations

Find out what your organisation must do to comply with EU data protection rules and learn how you can help citizens exercising their rights under the regulation.

Application of the regulation

Do the data protection rules apply to data about a company?
Do the rules apply to SMEs?
Who does the data protection law apply to?

Dealing with citizens

Are there restrictions on the use of automated decision-making?
Can individuals ask to have their data transferred to another organisation?
Do we always have to delete personal data if a person asks?
How should requests from individuals exercising their data protection rights be dealt with?
What happens if someone objects to my company processing their personal data?
What personal data and information can an individual access on request?

Disclaimer

Enforcement and sanctions

Enforcement
Sanctions

Legal grounds for processing data

Are there any specific safeguards for data about children?
Can data received from a third party be used for marketing?
Grounds for processing
Sensitive data

Library of related documents

Obligations

Are the obligations the same regardless of the amount of data my company/organisation handles?
Controller/processor
Data Protection Officers
How can I demonstrate that my organisation is compliant with the GDPR?
What does data protection ‘by design’ and ‘by default’ mean?
What is a data breach and what do we have to do in case of a data breach?
What rules apply if my organisation transfers data outside the EU?
When is a Data Protection Impact Assessment (DPIA) required?

Principles of the GDPR

For how long can data be kept and is it necessary to update it?
How much data can be collected?
Overview of principles
Purpose of data processing
What information must be given to individuals whose data is collected?

Public administrations and data protection

How should requests from individuals be dealt with?
What are the main aspects of the General Data Protection Regulation (GDPR) that a public administration should be aware of?
What if a public administration fails to comply with the data protection rules?

Share this page

This site is managed by:
Directorate-General for Communication

Strategy
About the European Commission
Business, Economy, Euro
Live, work, travel in the EU
Law
Funding, Tenders
Research and innovation
Energy, Climate change, Environment
Education
Aid, Development cooperation, Fundamental rights
Food, Farming, Fisheries
EU regional and urban development
Jobs at the European Commission
Statistics
Press Corner
Events
Publications

Contact the European Commission
Accessibility
Follow the European Commission on social media
Resources for partners
Report an IT vulnerability

Languages on our websites
Cookies
Privacy policy
Legal notice