The General Data Protection Regulation (GDPR) is a complex and heavily enforced privacy law that protects the personal data of European Union data subjects. While many focus their GDPR compliance efforts on updating Privacy Policies, responding to data subject requests and standard contractual clauses, there is one element that is often overlooked - privacy by design.

On July 16, 2020, the Court of Justice of the European Union (CJEU) published their highly anticipated ruling in the Schrems II (Irish Data Protection Commissioner vs. Facebook & Schrems) case.

The General Data Protection Regulation (GDPR) is a privacy law that has stringent requirements for the privacy practices of certain websites and how businesses collect, use and disclose the personal data of residents of the European Union.

The General Data Protection Regulation (GDPR) is a privacy law aimed at protecting the personal information of residents of the European Union. GDPR strives for that goal by imposing certain requirements on those processing and controlling personal data, including requiring a legal basis for such processing, ensuring that websites have compliant Privacy Policies, and requiring reporting of certain breaches of personal data.