Do you need to get a better grasp of European privacy laws? Are you looking for specific information for your compliance? Our European Privacy Laws Overview is what you need!
👀 In this guide, we give basic information regarding major EU laws such as the GDPR or the ePrivacy, and provide many further resources for you to dive deeper into your topics of interest.
A strong framework for data protection was necessary when companies started to heavily collect, use and store personal data of individuals in order to get relevant insights on customers, provide them with personalized experiences or ads, and more.
Privacy laws have been crucial for protecting individuals’ personal data and ensuring it is not being abused by organizations. They helped to:
🗓️ When? The GDPR is a European regulation that became fully enforceable on May 25th, 2018. It is the most robust and strictest privacy law to date.
💬 What? At its most basic, the GDPR specifies how personal data should be lawfully processed, collected, shared, used, protected or interacted with in general.
📍 Where? The GDPR can apply to you whether your organization is based in the EU or not.
The GDPR applies to:
🔍 Check out our dedicated section below for useful resources on the GDPR.
The UK privacy landscape has been undergoing some changes after Brexit, but the GDPR still applies (until a new bill is passed). It is now referred to as the UK GDPR and is enforced by the UK's data protection authority, the ICO.
The Privacy and Electronic Communications Regulations (PECR) is a British law that gives people specific privacy rights in relation to electronic communications. It sits alongside the UK GDPR.
💡 Learn more about what Brexit means for your business and its impact on data protection
🗓️ When? 2002, ePrivacy Directive 2002/58/EC (or Cookie Law).
💬 What? It establishes guidelines for the protection of electronic privacy, including email marketing and cookie usage, and it still applies today. It works hand in hand with the GDPR.
📍 Where? The ePrivacy Directive is an EU law. It applies if you do business in the EU (regardless of whether you are based in the EU or not) and, more practically, if your website can be visited by European users and it uses cookies.
🔍 Check out our dedicated section below for useful resources on the Cookie Law.
While the GDPR and the ePrivacy Directive are EU-level laws, independent public authorities called DPAs (Data Protection Authorities) oversee the enforcement of data protection laws at the country level. They also conduct investigations, issue fines and sanctions, and provide guidance on best practices, e.g. on cookie usage.
The most active DPAs include:
and many more such as the Irish, Belgian, Danish, Austrian, German DPAs…
Note: the information outlined below is simplified information, and as a business, you should discuss your specific situation with legal professionals. In the meantime, keep reading! Our resources can give you a head start with your compliance.
As part of our European privacy laws overview, here’s a collection of resources on everything you should know about GDPR compliance.
If you process personal data, the GDPR requires you to have a valid legal basis for doing so. If consent is your legal basis, before collecting any personal data, you will have to obtain explicit user consent and keep records of this consent.
You must also honor user rights and requests, as well as implement organizational measures (assessments, appointing a person responsible for privacy) and keep the data safe when stored.
🔍 Check out these resources for further detail on GDPR standards:
📌 B2B: How does GDPR affect B2B companies
📌 US businesses: Does the GDPR apply to US businesses?
📌 Marketing: Marketing Consent in the GDPR
📌 Internal compliance: Data Protection Impact Assessment (DPIA) template and What to look for when choosing your DPO (based on GDPR requirements)
These guides will give you practical tips and tools for simplifying your website/app’s compliance:
As part of our European privacy laws overview, here’s a collection of resources on everything you should know about ePrivacy and cookie compliance.
The ePrivacy Directive applies to any type of tracker that stores or accesses information on a user's device, including cookies.
Here again, working alongside the GDPR, the Cookie Law requires you to inform users and obtain their consent before using such technologies. Common practice is to use a cookie banner.
The vast majority of EU countries’ DPAs (mentioned before) have established cookie rules following the ePrivacy, adding the need for keeping records of cookie consent (to align with the GDPR).
Before sending direct marketing communications in electronic form (emails, newsletters, etc.), user consent is required as well. As always, users must also be given the right to withdraw (opt-out, or unsubscribe in the case of emails) at any time.
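The consent requirement described above is, in practice, a gate in front of every non-essential tracker: nothing may be stored on or read from the device until the user has agreed, the choice must be recorded, and withdrawal must switch the trackers off again. The following is an added illustration, not code from the original page or from any vendor's product. It assumes three constructed consent categories, a constructed tracker registry, and an in-memory consent log; a real site would persist that log (with its timestamps) and replace the `load` stubs with the actual script injection.

```javascript
// Added example (not from the page): a minimal consent gate for trackers.
// Written without DOM access so it runs unchanged in Node or a browser.

// Constructed categories. "necessary" covers strictly necessary cookies,
// which do not require consent; everything else is opt-in.
const CATEGORIES = ["necessary", "analytics", "marketing"];

// Constructed tracker registry. In a real page each `load` would inject
// the third-party script; here it just reports what it would have done.
const TRACKERS = [
  { name: "session-cookie", category: "necessary", load: () => "session-cookie loaded" },
  { name: "example-analytics", category: "analytics", load: () => "example-analytics loaded" },
  { name: "example-ads", category: "marketing", load: () => "example-ads loaded" },
];

// Append-only consent log. Keeping every decision (grant and withdrawal)
// with a timestamp and the policy version is what "keeping records of
// consent" amounts to; only the latest entry is authoritative.
function createConsentStore() {
  return { records: [] };
}

function latestRecord(store) {
  return store.records.length ? store.records[store.records.length - 1] : null;
}

// Record an explicit choice. `granted` lists the categories the user ticked;
// anything not listed is refused. "necessary" cannot be refused.
function recordConsent(store, granted, now = new Date()) {
  const choices = {};
  for (const c of CATEGORIES) {
    choices[c] = c === "necessary" ? true : granted.includes(c);
  }
  store.records.push({ at: now.toISOString(), choices, policyVersion: "v1" });
  return store;
}

// No record at all means no consent: a pre-ticked or silent default would
// not count as consent, so the gate defaults to closed.
function isAllowed(store, category) {
  if (category === "necessary") return true;
  const rec = latestRecord(store);
  return rec ? rec.choices[category] === true : false;
}

// Withdrawal is recorded as a new decision granting nothing, so the log
// shows both the original grant and when it was revoked.
function withdrawConsent(store, now = new Date()) {
  return recordConsent(store, [], now);
}

// Load every registered tracker whose category is currently allowed and
// return the names that were actually loaded, so callers can verify the gate.
function loadTrackers(store, trackers = TRACKERS) {
  const loaded = [];
  for (const t of trackers) {
    if (isAllowed(store, t.category)) {
      t.load();
      loaded.push(t.name);
    }
  }
  return loaded;
}

// Walk through the lifecycle: first visit, grant of analytics only, withdrawal.
function demo() {
  const store = createConsentStore();
  const beforeChoice = loadTrackers(store);          // only "session-cookie"
  recordConsent(store, ["analytics"]);
  const afterGrant = loadTrackers(store);            // adds "example-analytics"
  withdrawConsent(store);
  const afterWithdrawal = loadTrackers(store);       // back to "session-cookie"
  return { beforeChoice, afterGrant, afterWithdrawal, records: store.records };
}

if (typeof require !== "undefined" && require.main === module) {
  console.log(JSON.stringify(demo(), null, 2));
}
```

The important design choice is the default: with no consent record, `isAllowed` returns `false` for every non-essential category, so a tracker can only ever run after an affirmative choice has been logged. Re-running `loadTrackers` after `withdrawConsent` stops future loads; scripts that were already injected still need their own teardown (and their cookies cleared), which is outside what this gate can do.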
🔍 Check out these resources for further detail on the ePrivacy directive:
📌 How to Make your Emails and Newsletter Compliant (with Form Examples)
These guides will give you practical tips and tools for simplifying your website/app’s compliance:
Attorney-level solutions to make your websites and apps compliant with the law across multiple countries and legislations.