If the GDPR is news to you, you’re probably wondering when did GDPR go into effect and how it applies to your company’s practices.

The General Privacy Data Regulation is designed to protect sensitive data of European Union (EU) residents. If your business collects, stores or processes consumer data from the EU, you must be GDPR-compliant—or face fines up to 20 million pounds.

Here’s an overview of the GDPR’s history and what it means for you.

History of the GDPR

The GDPR officially went into effect in 2016, but European Union member states had until May 25, 2018 to fully implement GDPR policies.

Privacy rights have been recognized for decades now. The 1950 European Convention on Human Rights stated, “Everyone has the right to respect for his or her private and family life, his or her home and correspondence.” The GDPR is a direct response to these recognized rights.

In 1995, the European Data Protection Directive (Directive 95/46/EC) on the protection of individuals with regard to the processing of personal data and on the free movement of such data was adopted. This paved the path for stricter GDPR regulations.

According to GDPR.eu, “As technology progressed and the Internet was invented, the EU recognized the need for modern protections. So in 1995 it passed the European Data Protection Directive, establishing minimum data privacy and security standards, upon which each member state based its own implementing law. But already the Internet was morphing into the data Hoover it is today. In 1994, the first banner ad appeared online. In 2000, a majority of financial institutions offered online banking. In 2006, Facebook opened to the public. In 2011, a Google user sued the company for scanning her emails. Two months after that, Europe’s data protection authority declared the EU needed ‘a comprehensive approach on personal data protection’ and work began to update the 1995 directive.”

The original GDPR regulations were initially discussed in June 2011. Previous e-privacy laws were considered insufficient for the changing times. The European Data Protection Supervisor published an opinion on the European Commission’s Communication.

Over the next five years, the regulations were refined and reviewed until the entire EU approved. The GDPR was adopted in 2016, and went into effect on May 25, 2018.

When Did the GDPR Become Enforceable?

All countries had until May 25, 2018 to become GDPR compliant. Because the regulations determine how companies can collect, store and process data, any companies directly doing business in the EU or tracking consumer information in the EU are subject to enforcement.

Today, you are required to comply with the GDPR—even if you don’t intend to do business in the European Union. Depending on the nature of your data collection and processing, the GDPR regulatory authorities are allowed to enforce the law, no matter where you’re located. Websites that use tracking cookies or collect emails for marketing purposes could run afoul of the law.

Tips for Staying Compliant

Although it’s always best to consult a lawyer on these matters, a GDPR-compliant privacy policy can do your business a world of good. First, it ensures that you’re in compliance—you won’t run the risk of racking up hefty fines.

Second, having a GDPR privacy policy allows your company to grow at will. If you plan to do business outside the United States, tailoring your privacy policies now is the best way to prepare for the future. You won’t be left scrambling at the worst possible moment.

To stay compliant with GDPR privacy policies, schedule a demo with SixFifty. Our proprietary legal technology makes it easy for you to automatically generate a comprehensive GDPR privacy policy. All you need to do is answer a few questions about your business, and wait for the files to be generated. Download, have your in-house legal team review, and you’re ready to go.

Finally, make sure that you review your GDPR privacy policy regularly. Because the EU is a fluid entity, different countries may enter and exit at any given time. It’s your responsibility to keep up with the regulations—and how you process, store and use your member data.

Find solutions with SixFifty

SixFifty’s legal technology makes it simple to keep up with GDPR regulations. Instead of hiring outside counsel, we make expert legal help accessible to everyone within just a few clicks of the mouse.

Free up your legal department’s valuable time, and let everyone focus on their unique talents. If you’re ready to get started or have further questions, schedule a demo with SixFifty today.


Meili Bell

Written by Meili Bell

Meili Bell is the Content Manager at SixFifty. She spends her workdays writing, editing, project managing and reading about the intersection of law and technology. Meili comes to SixFifty from Gifted Music School, a nonprofit music school for the most dedicated young musicians in the region, where she was program director of the school’s flagship program for the last ten...

Full Bio and other articles by