Unlock unlimited alerts, exports & API access — RuleWatch Pro at $29/mo

Regulation dossier

European Union

General Data Protection Regulation

PrivacyIn Effect

A focused view of the rule, its enforcement posture, and the timeline teams should keep in their operating plan.

Plain-English summary

What this regulation means

Built for operators

The GDPR sets the EU baseline for personal-data processing, requiring lawful bases, transparency, security safeguards, and rights for access, deletion, and objection.

Reading guide

Use the timeline below to see how the rule progressed from enactment to current obligations.

Related regulations surface adjacent requirements in the same jurisdiction or policy lane.

Timeline

Regulatory lifecycle

Sequence: In Effect
  1. 1

    May 25, 2018

    In Effect

    The GDPR became applicable across the EU.

Pro feature

📊 Stay ahead of this regulation

Get email alerts when this regulation changes and export records to CSV for your compliance workflow — available with RuleWatch Pro.

  • →Email alerts when this regulation is updated or enforced
  • →Export to CSV or JSON for compliance reporting
  • →API access to integrate regulation tracking into your workflows
See what's included

Subscribe for regulation alerts

Get alerts for this regulation →

Free weekly digest for compliance professionals following material legal changes.

No spam. Professional updates only.

Free to join. Unsubscribe anytime.

Related regulations

What else belongs on the watchlist

Pulled from the same jurisdiction or category so teams can compare adjacent obligations quickly.

European Union

EU AI Act

AI RegulationIn Effect

The EU AI Act creates a single risk-based rulebook for AI across the bloc, ranging from outright bans on a narrow set of uses to detailed duties for high-risk systems and general-purpose AI models. It affects providers, deployers, importers, distributors, and product manufacturers that place AI systems on the EU market or use them in the EU. Core requirements include risk management, technical documentation, transparency, human oversight, post-market monitoring, and incident reporting.

Effective
Aug 1, 2024
View detail

European Union

NIS2 Directive

CybersecurityIn Effect

NIS2 expands the EU cybersecurity framework to more sectors and entities and requires management-approved cybersecurity risk management measures and incident reporting. It affects essential and important entities across energy, transport, health, digital infrastructure, public administration, manufacturing, and other critical sectors. The directive also increases supervisory and penalty powers and coordinates cross-border cooperation.

Effective
Jan 16, 2023
View detail

Indiana, United States

Indiana Consumer Data Protection Act

PrivacyIn Effect

Indiana gives consumers rights to confirm processing, access data, correct inaccuracies, delete certain personal data, obtain portable copies, and opt out of targeted advertising, sale, and profiling. It applies to businesses that meet threshold tests and requires clear notices, purpose limitation, security safeguards, and contracts with processors. The attorney general enforces the law after a cure process.

Effective
Jan 1, 2026
View detail