On-demand webinar coming soon...

Blog

Reflecting on 5 years of the GDPR

The General Data Protection Regulation was a milestone for global data protection. Let’s take a moment to reflect on how we got here and where we're going.

Robb Hiscock
Senior Content Marketing Specialist, CIPP/E, CIPM, OneTrust
May 23, 2023

The number 5 with celebratory fireworks

Table of contents

Get started with your GDPR compliance journey

Get fundamental information you need to get your GDPR compliance program started.

Download now

Think back to 2018, and for two years you’ve been working toward compliance with a new regulation called the General Data Protection Regulation. How did you feel? Most would say that at first the GDPR felt overwhelming; it’s strict and all-encompassing requirements placed a considerable burden on organizations – many of which had little idea where to start. Fast forward five years and the GDPR has been at the heart of some of the biggest privacy headlines in the world and changing the way businesses handle personal data. 

With the anniversary of the GDPR’s entry into effect on May 25, 2023, comes an opportunity for us to reflect on the past five years and to look to the future and how GDPR might adapt to a rapidly evolving digital landscape. Visit the GDPR turns 5 celebration page to register for a range of webinars hosted by our Privacy Connect Chapter Chairs or join us on LinkedIn for a live session with Odia Kagan, reflecting on five years of the GDPR. 

Explore this page to get more expert views on the GDPR’s past, present, and future as well as an infographic busting some of the most common GDPR myths. And, if you are looking for GDPR compliance tips, look no further than our “Getting started with GDPR compliance” eBook.

 

GDPR past, present, and future

The GDPR signaled a landmark moment for data protection and privacy law on a global level. Its origins can be traced back to the 1940s and concerns regarding individual privacy rights. The GDPR replaced the Data Protection Directive 1995 and greatly increased the scope and the data protection requirements for businesses covered by the regulation.

 

On-demand webinar coming soon...

 

Due to its extra-territorial scope, the GDPR continues to have a significant impact on businesses all over the world. Transparency, data minimization, and the right to be forgotten are just a few of the important concepts that businesses must respect or face penalties of up to €20 million, or 4% of global annual turnover, whichever is larger. The GDPR has encouraged the development of comparable data protection laws in other nations since it was implemented, including the California Consumer Privacy Act (CCPA) in the United States and in many jurisdictions in the Middle East.

 

On-demand webinar coming soon...

 

With AI and similar technologies becoming a greater part of our daily lives, the GDPR will continue to play an important part in protecting the personal data of subjects in the EU. And, while data protection law is far more prevalent than it was in 2018, the GDPR will continue to play a crucial role in shaping global data protection standards and influencing the development of new legislation in other countries.

 

On-demand webinar coming soon...

 

Continuing to keep GDPR awareness top of mind is essential for several reasons. First, businesses must ensure they understand their obligations and take the necessary precautions to safeguard the personal information of their clients and workers. Second, it increases confidence in the digital economy by empowering people to understand their rights and take charge of their personal data. Finally, increasing GDPR awareness contributes to the creation of international privacy standards that represent the ideals of the linked digital world we live in and help establish a global culture of data protection.

 

On-demand webinar coming soon...

 

GDPR myths vs. reality

With five years of the GDPR in the rearview mirror, there are several beliefs about the GDPR that have established themselves as fact. However, on closer inspection many may not ring as true as some might have you believe.

 

Infographic breaking down common myths of the GDPR and what the law actually does.

 

For example, some might say the GDPR only applies to European companies. However, it actually applies to any organization that processes the personal data of EU citizens, regardless of whether the processing takes place within the European Union or not. If you offer goods, or services, or monitor the behavior of individuals in the EU, the GDPR will apply.

It is easy to think GDPR compliance is a one-time task. But in reality, GDPR compliance is an ongoing process that requires continuous monitoring, updating, and improvement. Organizations need to regularly assess their data processing practices and maintain up-to-date records to demonstrate accountability with the GDPR.

There is also a misconception that the GDPR hinders innovation. While the GDPR does introduce strict rules and requirements, it doesn't necessarily hinder innovation. In fact, requirements such as data protection by default and data protection by design encourage the development of privacy-enhancing technologies and generally promote a more transparent and responsible approach to data processing that can support innovation.

Download the infographic above to see the reality of the GDPR’s most common myths. 

 

Getting started with GDPR compliance

Some companies have been building and maintaining a GDPR compliance program for the best part of seven years, but others are just starting on their journey toward compliance. While the GDPR is extensive there are a few key areas that should be addressed, and this guide gives you the perfect starting place. 

No matter where you're situated, you must abide by the GDPR requirements when handling the personal data of EU citizens, ensure it is managed with care and transparency and only keep it as long as is required.

A good place to start is to develop a privacy and data protection program to help you comply with the GDPR’s standards. This entails having transparent policies, ensuring the security of your technology, and honoring data subject rights. Additionally, you must have processes in place for making the correct notification in the event of a data breach and keep up to date with evolving regulations and cutting-edge technology in order to remain GDPR compliant. Download the Getting Started with GDPR Compliance eBook to learn about GDPR in greater detail and how the OneTrust Privacy & Data Governance Cloud can help. 

Follow OneTrust on LinkedIn to keep up to date with latest resources to help you on your journey toward GDPR compliance as well as the latest privacy and data protection news. 

You may also like

Webinar

Third-Party Risk

Beyond compliance: Scaling third-party risk management with automation

Join this live webinar to explore how automated vendor assessments, real-time monitoring, and compliance workflows can enhance risk insights and operational efficiency.

May 07, 2025

Learn more

Infographic

Understand consent requirements in financial services

Learn how GDPR, CCPA, and more shape consent in financial services. Get clear, practical insights on compliance with our easy-to-understand infographic.

April 25, 2025

Learn more

Checklist

Consent & Preferences

GDPR compliance checklist: Actionable steps for marketers

Download this GDPR compliance checklist to simplify consent management, stay compliant, and build trust. Get actionable steps tailored for marketers.

February 24, 2025

Learn more

Webinar

Privacy Management

Data Privacy Day 2025

Join this webinar to hear from a panel of expert privacy professionals as they dissect the key happenings in 2024 and how privacy professionals can approach what may occur in 2025.

January 21, 2025

Learn more

Webinar

Privacy Management

Revisiting IAPP DPC 2024: Top trends on the latest data protection developments

Join OneTrust and PA Consulting as we dive deeper into the key takeaways from the IAPP Europe Data Protection Congress 2024. Our speakers will provide actionable insights from the event on the latest developments in data protection, privacy, and AI. 

December 12, 2024

Learn more

Infographic

Privacy Automation

GDPR: Dos and don'ts

Navigating GDPR compliance can feel daunting, especially for businesses with limited resources. This quick infographic guide of actionable “dos” and “don’ts” will help you develop the foundation of a broader privacy-first approach that keeps you aligned with your GDPR compliance goals.

December 10, 2024

Learn more

eBook

Consent & Preferences

Mastering GDPR consent: A marketer's guide to simplifying compliance

Learn how to simplify GDPR consent management, stay compliant, and build trust with your audience. Download this practical guide for marketers.

October 17, 2024

Learn more

eBook

Privacy Management

Maturing your GDPR compliance program

This comprehensive eBook explores the key elements of a GDPR compliance program.

September 11, 2024

Learn more

eBook

Privacy Management

Understanding data transfers under the GDPR ebook

In the ebook, we delve into the fallout from Schrems II and explore how organizations based in Europe can best navigate international data transfers under the GDPR.

June 05, 2024

Learn more

Webinar

Privacy Management

Preparing for a new regulation: Lesson learned from the GDPR businesses can apply to the EU AI act?

Join our panel of experts as we celebrate GDPR Anniversary and take a closer look at the relationship between the GDPR and AI Act.

May 23, 2024

Learn more

Webinar

Privacy Management

Navigating data privacy in 2024: Global regulatory updates & compliance strategies

Join our webinar for a comprehensive overview of the latest global data privacy regulations and updates impacting businesses in 2024 and how to prepare.

March 20, 2024

Learn more

Infographic

Privacy Management

OneTrust announces partnership with Europrivacy

Learn how OneTrust and Europrivacy's partnership can help your organization achieve GDPR compliance and build trust with your customers.

December 06, 2023

Learn more

Webinar

Technology Risk & Compliance

Demonstrating GDPR compliance with Europrivacy criteria: The European Data Protection Seal

Join our webinar to learn more about the European Data Protection Seal and to find out what the key advantages of getting certified.

November 30, 2023

Learn more

Webinar

Privacy Management

Revisiting the ICO Data Protection Practitioner's Conference: Addressing your top challenges

Join OneTrust and KPMG UK to discuss the challenges of employee SARs, managing your breach response with third parties, and incident management.

October 25, 2023

Learn more

Infographic

Privacy & Data Governance

Understanding the EU Data Boundary

Download our free infographic and get the information you need to understand the EU Data Boundary and how to properly handle data in the European Union.

September 22, 2023

Learn more

Webinar

Privacy Management

Privacy in practice: PIA & DPIA with PA Consulting

Join OneTrust and PA Consulting as we discuss what makes an effective PIA, best practices, and the benefits of automation.

September 21, 2023

Learn more

Webinar

Privacy & Data Governance

Privacy in practice for data mapping: With PA Consulting and Syngenta

Join OneTrust and panelists from PA Consulting and Syngenta as we explore practical ways to build an effective data mapping program, best practices, and the need for automation.

September 14, 2023

Learn more

Webinar

Governance & Policy Management

EU-US DPF: What next for UK businesses?

Join our expert webinar as we discuss the upcoming UK-US DPF Extension and what UK businesses need to prepare to become DPF-certified.

September 06, 2023

Learn more

Webinar

Privacy Management

Unpacking the EU-US DPF

In this webinar, we cover the new EU-US Data Privacy Framework (EU-US DPF) and what privacy program managers need to know for post-Schrems II data transfers.

June 28, 2023

Learn more

Infographic

Privacy & Data Governance

The 3 priorities of the French DPO: Gain visibility, take action, automate

Download our infographic and learn about the 3 priorities of the French DPO.

May 30, 2023

Learn more

Webinar

Privacy Management

GDPR turns 5: Celebrating data protection

Northern Europe panel - Join our panel of experts as they recap the GDPR, its key concepts, and what it means for organizations and compliance. 

May 25, 2023

Learn more

Webinar

Privacy Management

Global Panel — GDPR & Tech: Key considerations of Privacy by Design and AI in tech

Join our panel of experts as we discuss the impact GDPR had on the tech industry during the past five years, the importance of privacy by design, and what to expect with AI and regulation.

May 25, 2023

Learn more

Webinar

Privacy & Data Governance

Global Panel — GDPR & Healthcare: current regulatory guidance and enforcement

In this live webinar, our expert panel examines the first five years of the GDPR, how it changed the healthcare industry, and the changing global regulatory landscape.

May 24, 2023

Learn more

Webinar

Privacy Management

5 years of GDPR: Milestones, challenges, and opportunities

Eastern European panel - Watch our webinar as we look back on 5 years of the GDPR, AI, and their impact on Europe, the world, and your organization.

May 24, 2023

Learn more

eBook

Privacy Management

Getting started with GDPR compliance

This eBook covers the fundamental information you need to know in order to get your GDPR compliance program started and how OneTrust helps. 

May 23, 2023

Learn more

Webinar

Privacy Management

Global Panel — GDPR & Retail: building customer loyalty and trust with consent and privacy

Join us for a live panel as we discuss GDPR's impact on the retail and eCommerce industry and how companies evolved to meet the global regulatory landscape.

May 23, 2023

Learn more

Infographic

Privacy Management

Comparing the FADP, Revised FADP, and the GDPR

Download our infographic to see how the Revised FADP compares with its original version and the GDPR.

May 23, 2023

Learn more

Webinar

Privacy Management

Global Panel — GDPR & Finance: Staying ahead of the regulatory and cyber landscape

How has the GDPR affected the financial industry? Join our live panel as we examine how it companies evolved to meet the regulatory challenges and what can be done to stay ahead of the curve.

May 22, 2023

Learn more

Webinar

Privacy Automation

OneTrust and Deloitte UK - Data transfers: Assessments & safeguards

OneTrust's Center of Excellence and Deloitte UK will discuss data transfers and GDPR compliance, covering the UK stance, ICO/EDBP guidance, and more.

April 04, 2023 1 min read

Learn more

eBook

Privacy Management

The 3 Priorities for DPOs in France: Gain Visibility, Take Action, Automate eBook | Resources | OneTrust

French DPOs should take three priorities into account when building their data protection and compliance programs and processes in 2023.

February 21, 2023

Learn more

Webinar

Privacy & Data Governance

Data Protection in Financial Services Week: Government keynote and international transfers

This session will examine some key issues and recent developments on international data transfers with contributions from key EU, UK, and US regulators.

February 07, 2023

Learn more

Webinar

Consent & Preferences

Belgian DPA approves TCF action plan: Where we go from here

Belgian DPA approves IAB Europe’s action plan to correct its Transparency & Consent Framework (TCF) violations of the GDPR.

January 12, 2023

Learn more

Webinar

Privacy & Data Governance

Keeping pace with the changing regulatory landscape: UK And EU updates webinar

Learn more about the privacy updates for the UK and the EU, what to expect in the coming year, and how to manage regulatory change.

August 15, 2022

Learn more

Webinar

Ethics & Compliance

GDPR and the EU Whistleblower Protection Directive webinar

Join this webinar to learn how to review your whistleblowing processes to comply with the EU Whistleblower Protection Directive, the GDPR and others.

July 06, 2022

Learn more

Webinar

Privacy & Data Governance

4 years of GDPR

Watch our webinar on the last 4 years of GDPR compliance and trends for the future.

May 05, 2022

Learn more

Webinar

Privacy Management

Privacy rights poland: Enhance Your DSAR process with automation, discovery & redaction

As part of our Privacy Automation webinar series, we discuss why it's important to automate DSAR fulfillment and the latest regulatory trends. 

April 03, 2022

Learn more

Webinar

Privacy & Data Governance

Know your laws: Comparing CCPA & CPRA vs. GDPR

Watch this free webinar and see how the CCPA and CPRA compare with the GDPR.

January 04, 2022

Learn more

Checklist

Privacy & Data Governance

Transfer Impact Assessment (TIA) checklist

This Transfer Impact Assessment checklist provides an overview of the key steps you can take as you perform a TIA.

December 01, 2021

Learn more

Infographic

GDPR's 8 fundamental data subject rights

Download our GDPR's 8 Fundamental Data Subject Rights infographic and learn more about the individual rights guaranteed under the EU's major privacy law. 

August 27, 2021

Learn more

eBook

Privacy & Data Governance

The ultimate guide to GDPR compliance

Download this eBook to get an ultimate guide to understanding the GDPR and implementing steps towards compliance.

August 26, 2021

Learn more

eBook

Privacy & Data Governance

10 steps to meeting the GDPR Article 30 requirement

Download this eBook and learn how to leverage data mapping for your GDPR Article 30 compliance program. 

July 22, 2021

Learn more

White Paper

Privacy Automation

Mastering PIAs & DPIAs: A complete handbook for privacy experts

Unlock the full potential of your privacy program with our complete handbook designed to equip privacy professionals with the essential tools and knowledge for establishing robust PIA and DPIA processes.

July 22, 2021

Learn more

Checklist

Privacy & Data Governance

GDPR compliance checklist

Download our GDPR compliance checklist for recommendations on improving your organization's privacy program. 

June 11, 2021

Learn more

Webinar

Privacy Automation

PIA and DPIA demo webinar with Data Privacy Group

Join our webinar to learn the benefits of automating your PIAs and DPIAs using the OneTrust platform

Learn more

Top Searches

Resources

Platform

Company

Latest News

Contact Us

Privacy Matters

Our privacy center makes it easy to see how
we collect and use your information.

Your privacy

When we collect your personal information, we always inform you of your rights and make it easy for you to exercise them. Where possible, we also let you manage your preferences about how much information you choose to share with us, or our partners.

© {{CURRENT_DATE}} OneTrust, LLC. All Rights Reserved.

On-demand webinar coming soon...

Our policies

Your rights