The General Data Protection Regulation (GDPR) was published in May 2016 and, despite entering into force on 24 May 2016, was applied as from 25 May 2018.
The GDPR is a directly applicable EU regulation that does not require national transposition laws or, in most cases, rules of implementation and application. Thus, controllers and data processors must adapt the processing operations they carry out to the requirements of this Regulation.
Notwithstanding the above, the GDPR provides that Member States may, as far as necessary for coherence and comprehension in certain areas, enact laws that complement the Regulation. In accordance with this provision, a new Organic Law on the Protection of Personal Data (LOPD) has been approved, which includes certain clarifications and development of the GDPR.