The General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”) had been more than four years in the making when it finally entered into force on 25 May 2016. After a 24-month transition period, the GDPR replaced the existing patchwork of different national data protection laws in Europe, which were then implementing the 20 year old European Data Protection Directive, with a single, directly applicable European law as of 25 May 2018.
IAB Europe consistently advocated for a GDPR that provides a high level of data protection for Internet users while enabling digital advertising to continue playing its important role for the Internet ecosystem in the future. To this end, IAB Europe has supported a risk-based approach to data protection, which would focus regulatory scrutiny and enforcement on data processing based on the meaningful risks for data subjects. IAB Europe has also consistently stressed the importance for the GDPR to provide clear rules that ensure legal certainty for companies.