Cleo
© 2026 Cleo Labs. All rights reserved.

🇪🇺 European Union

GDPR compliance in the EU

The GDPR has been directly applicable across all 27 EU member states since May 2018. It harmonizes data protection rules while allowing member states to specify certain provisions through national law.


Enforcement authority

The European Data Protection Board (EDPB) coordinates; each member state has a national data protection authority (DPA).

Maximum sanctions

Up to EUR 20 million or 4% of global annual turnover. Over EUR 4.5 billion in fines issued since 2018 across the EU.

Key obligations

What GDPR requires from organizations operating in the EU.

  • Appoint a Data Protection Officer (DPO) for public authorities and large-scale processing
  • Maintain Records of Processing Activities (ROPA) under Article 30
  • Conduct Data Protection Impact Assessments for high-risk processing
  • Implement data breach notification to the supervisory authority within 72 hours
  • Ensure a valid legal basis under Article 6 for all personal data processing

Local context in the EU

The EDPB issues binding decisions on cross-border cases. Ireland, Luxembourg, and France handle the largest volume of cross-border complaints because of where tech companies are headquartered.

GDPR by industry in the EU

  • Retail & Consumer Goods
  • HealthTech
  • Insurance
  • Energy & Utilities
  • Cosmetics & Personal Care
  • Electronics & Connected Devices

Frequently asked questions

How does GDPR apply in the EU?

The GDPR has been directly applicable across all 27 EU member states since May 2018. It harmonizes data protection rules while allowing member states to specify certain provisions through national law.

Who enforces GDPR in the EU?

The European Data Protection Board (EDPB) coordinates; each member state has a national data protection authority (DPA).

What are the penalties for GDPR non-compliance?

Up to EUR 20 million or 4% of global annual turnover. Over EUR 4.5 billion in fines issued since 2018 across the EU.
