General Data Protection Regulation

The General Data Protection Regulation, known as GDPR, will enter into force on 25 May 2018. You will find below some information about its scope and application.

EULITA, as a European association, is covered by GDPR’s provisions and must apply them to personal data it processes. In this context, EULITA is the “data controller” (for the full definition see art. 4 of the Regulation); EULITA’s correspondents and other natural persons with whom we collaborate are the “data subjects”.

Under the regulation, “data processing” means any operation performed on personal data, such as collection, recording, storage, use, and many others. Personal data, in turn, is any information that concerns an identified or identifiable natural person.

Certain requirements must be satisfied in order for the processing to be lawful. They include, among other things, the existence of a legally recognized reason for the processing (see art. 6 of the Regulation), a prohibition to process certain data (see art. 9), and the duty to respect the rights of the data subjects (see art. 12 and following). The data controller must provide the data subjects with a certain amount of information about the processing. That is why those whose personal data EULITA processes will receive a separate mail containing such details.

EULITA would also encourage you and your association to check the requirements for personal data protection under your national legislation. The website of the European Data Protection Supervisor ( is a source of comprehensive information on the GDPR.