Data Protected Home: Your global guide to data protection

Welcome to Data Protected. This edition spans 55 jurisdictions, including new sections for Thailand and Turkey.

As the General Data Protection Regulation beds in, it is striking how successful it has been at harmonising data protection laws across the EU.  For these jurisdictions we use grey text to set out the position under the General Data Protection Regulation and black text to show national variations. The amount of black text is limited and, with the exception of the new fines which are starting to filter their way through, the changes also limited.  In addition, all of the EU and EEA states have now implemented the GDPR with the exception of Slovenia. The position is summarised in this table.

Further information about the General Data Protection Regulation is available in our GDPR Survival Guide, here.

The General Data Protection Regulation has been designed with new technology, such as artificial intelligence, in mind. Addition controls on use of automated decision making and mandatory impact assessments should help ensure the safe and ethical use of this technology. We have prepared a detailed report on the use artificial intelligence, including the interaction with data protection laws, which is available here.

We hope that this report is useful. If you have suggestions about the report, or any other comments, please let us know.


This report only considers issues arising out of the General Data Protection Regulation and the Privacy and Electronic Communications Directive as they currently stand, and similar national legislation outside of the European Union. Its purpose is not to provide legal advice or exhaustive information but rather to create awareness of the main rules. Needless to say, each contributing law firm prepared their section of the report. Should you have any questions in connection with the issues raised or if specific advice is needed, please consult one of the lawyers referred to in this report.