An American's Guide to the GDPR
36 Pages Posted: 30 Jun 2020 Last revised: 14 Jan 2021
Date Written: June 5, 2020
The EU’s General Data Protection Regulation (GDPR) went into effect in May 2018, impacting companies, individuals, and countries around the world. The GDPR is long and notoriously complex. A number of helpful and influential practical overviews exist. None of these overviews, however, has squarely taken aim at what we understand to be the most significant hurdles for U.S.-based readers. Understanding the GDPR requires knowing not only what it contains, but how to read it,and a basic understanding of both data protection and broader European law.
We aim in this Essay to provide a concise one-stop-shop for GDPR novices, dabblers, and would-be experts in the U.S. that includes both necessary background context and pointers to reliable resources. We endeavor, too, to correct common misconceptions about the GDPR: that it is founded on individual consent (it’s not); that it’s about privacy (it’s about data protection); and that it’s primarily about individual rights and control (it’s equally about risk management and corporate compliance). We hope to thus inform legal practice, legal scholarship, and ongoing policy conversations about the enactment of data privacy law in the United States.
Keywords: privacy, GDPR, data protection law, data privacy law, General Data Protection Regulation
Suggested Citation: Suggested Citation