General Data Protection Regulation (GDPR) – Enforceable Today, May 25 2018

The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union. It addresses the export of personal data outside the EU. The GDPR aims primarily to give control back to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU. When the GDPR takes effect, it will replace the 1995 Data Protection Directive (Directive 95/46/EC). It was adopted on April 27, 2016 and becomes enforceable May 25, 2018. Unlike a directive, it does not require national governments to pass any enabling legislation and so it is directly binding and applicable.

More information

ACTA has been doing more research on the European Union Regulation and found that the following website provides some insight into understanding how this regulation affects the expanded scope of jurisdiction:

How does it Impact Travel Agencies in Canada?

The section titled "Expansive Jurisdiction" on the previously mentioned website states: ... But Article 25 exempts controllers in countries (such as Canada) deemed to provide an adequate level of legal protection, or employing fewer than 250 persons, and those that “only occasionally” offer goods or services to EU residents.

ACTA will continue its dialogue with our network of global associations in Europe and the US and monitor the impact of this new EU Regulation on Travel Agencies in other countries and in Canada.

RELATED STORY: EU's New General Data Protection Regulation Will Impact U.S. Travel Agencies

Paul Ruden, Travel Market Report


On May 25, the new European Union General Data Protection Regulation (GDPR) will take effect. The stated purpose of the regulation, which has the force of law in the EU, is to protect the data of “natural persons,” meaning humans as opposed to legal entities like corporations.

The real difficulties arise because the rules, intended to create equal rights in all EU member countries, apply to everyone regardless of their nationality or residence and all of their covered data regardless of where it is processed and whether the processing is automated or manual. Despite that goal, however, the regime created by the GDPR allows individual EU states to adopt separate rules in some circumstances.