The GDPR: A Report on the First Three Years of Enforcement

he GDPR_A Report on the First Three Years of Enforcement image

This report will consider some of the high-profile and noteworthy decisions taken by DPAs and courts over the GDPR’s first three years of enforcement, and consider how some key provisions of the regulation have developed. The report will also look ahead to how the EU’s data protection landscape might evolve ...

The GDPR_A Report on the First Three Years of Enforcement

The EU General Data Protection Regulation (GDPR) was adopted on 14 April 2016 and became enforceable on 25 May 2018.

The privacy and security laws of the Middle East and North Africa (MENA) region have developed significantly over the past two decades, as governments increasingly recognise the importance of adequate data protection in attracting trade and investment.

Over the past three years, the EU’s data protection authorities (DPAs) have issued administrative fines totalling hundreds of millions of euros; the Court of Justice of the European Union (CJEU) has invalidated an EU/U.S. data transfer agreement on the basis that it did not meet the EU’s data protection standards; and GDPR-inspired privacy laws have been proposed in scores of countries worldwide.

This report will consider some of the high-profile and noteworthy decisions taken by DPAs and courts over the GDPR’s first three years of enforcement, and consider how some key provisions of the regulation have developed.

The report will also look ahead to how the EU’s data protection landscape might evolve in the coming years.