The General Data Protection Regulation (GDPR) creates a single EU-wide law on data protection intended to increase legal certainty for individuals, businesses, and Data Protection Authorities and to contribute to the success of the EU's Digital Single Market. Of particular significance is the extraterritorial application of the GDPR, where a non-EU based business will become subject to the GDPR when it is processing personal data of individuals in the EU as a result of offering goods or services to such individuals or monitoring their behavior.
The GDPR also introduces significant new data protection requirements and rights for data subjects, as well as enforcement powers for DPAs, which include fines of up to 4% of annual worldwide turnover or 20 million euro, whichever is greater. The GDPR entered into force May 25, 2018.
The handbook serves as a first point of reference on relevant EU law and the European Convention on Human Rights (ECHR), as well as the CoE Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (Convention 108) and other CoE instruments.