map placeholder
Status

Has similar law

Implemented

Not implemented

Click on a country for details.

GDPR Countries 2024

The General Data Protection and Regulation (GDPR) is an EU regulation on data protection and privacy in the European Union, the European Economic Area, and the United Kingdom. The law regulates how organizations protect the personal data of people residing in its protected areas. The purpose of the GDPR is to give individuals control over their personal data and simplify the regulatory environment for international business. The GDPR was adopted on April 14, 2016, and became enforceable starting May 25, 2018.

Under the GDPR, business processes that handle personal data must provide specific safeguards to protect that data. Data controllers must design information systems with high levels of privacy so subjects cannot be identified through publicly available datasets. No personal data may be processed unless done under one of six lawful specified bases: consent, contract, public task, vital interest, legitimate interest, or legal requirement. Data controllers must also clearly disclose data collection to the user, declare the lawful purpose and basis for processing, and state how long the data will be held and if it will be shared with any third parties. Additionally, businesses that experience a data breach must report the breach to national supervisory authorities within 72 hours if the breach could negatively impact user privacy.

While the GDPR is written to protect those countries in the EU and EEA, institutions and organizations outside of those areas must also follow its provisions and are not exempt from facing the consequences of non-compliance with GDPR. Non-EU organizations need to implement, staff, and run systems to continue offering their services to the EU market. Any transaction between a consumer physically located in a GDPR country at the time of the transaction and an organization located anywhere in the world is subject to the terms of GDPR. This is true even if, for example, the consumer is a Japanese tourist visiting France and the organization with which they interacted is based in North America.

  • GDPR is an acronym standing for General Data Protection Regulation.
  • GDPR is binding throughout all of Europe regardless of whether or not a specific country has implemented it. Any European organization that collects data in EU/UK member states is subject to the GDPR even if the organization's home country has chosen to not implement GDPR.
CSV JSON

Download Table Data

Enter your email below, and you'll receive this table's data in your inbox momentarily.

Country
Status
Similar Data Protection Laws
RussiaNot implemented
UkraineNot implemented
BelarusNot implemented
SerbiaNot implemented
MoldovaNot implemented
Bosnia and HerzegovinaNot implemented
AlbaniaNot implemented
North MacedoniaNot implemented
MontenegroNot implemented
GermanyImplemented
United KingdomImplemented
FranceImplemented
ItalyImplemented
SpainImplemented
PolandImplemented
RomaniaImplemented
NetherlandsImplemented
BelgiumImplemented
SwedenImplemented
Czech RepublicImplemented
GreeceImplemented
PortugalImplemented
HungaryImplemented
AustriaImplemented
BulgariaImplemented
DenmarkImplemented
SlovakiaImplemented
FinlandImplemented
IrelandImplemented
CroatiaImplemented
LithuaniaImplemented
SloveniaImplemented
LatviaImplemented
EstoniaImplemented
CyprusImplemented
LuxembourgImplemented
MaltaImplemented
NigeriaHas similar lawData Protection Regulation
BrazilHas similar lawGeneral Data Protection Law (LGPD)
JapanHas similar lawAct on the Protection of Personal Information
TurkeyHas similar lawLaw on Protection of Personal Data No. 6698
South AfricaHas similar lawProtection of Personal Information (POPI) Act
KenyaHas similar lawData Protection Act
South KoreaHas similar lawPersonal Information Protection Act
UgandaHas similar lawData Protection and Privacy Act, 2019
ArgentinaHas similar lawPersonal Data Protection Act No 25,326
CanadaHas similar lawPersonal Information Protection and Electronic Documents Act (PIPEDA)
IsraelHas similar lawData Security Regulations
SwitzerlandHas similar lawPersonal Data Protection Law
New ZealandHas similar lawPrivacy Act
UruguayHas similar lawAct on the Protection of Personal Data and Habeas Data Action
QatarHas similar lawLaw No. 13
BahrainHas similar lawPersonal Data Protection Law
MauritiusHas similar lawData Protection Act
showing: 54 rows

Which countries are under GDPR?

Europe's data protection system, GDPR, applies to the United Kingdom, European Union nations, and countries within the European Economic Area.

Frequently Asked Questions

  1. GDPR Countries List

Sources