Helping Clients Successfully Navigate

The Evolving GDPR Regulatory Landscape

While comprehensive privacy and data protection laws are becoming the norm in jurisdictions worldwide, the European Union’s General Data Protection Regulation (GDPR) was revolutionary. Though niche and sector-specific laws existed for decades before the GDPR took effect in 2018, it was the first overarching privacy and data protection law. It established many core tenets in the privacy lexicon we know today. For example, the GDPR introduced and built upon the concepts of controllers and processors and the different legal bases, such as consent and legitimate interest, among other critical components of the present-day privacy and data protection legal canon. The GDPR also acted as a template for other laws, such as the first comprehensive state privacy law, the CCPA, as amended by the CPRA.

With such a comprehensive law, including its extraterritorial application, the GDPR imposes broad compliance obligations on companies of all shapes and sizes. These obligations include GDPR-compliant privacy policies and notices, data processing agreements (DPAs), data mapping, impact assessments, data subject rights compliance, and data transfer considerations. Regulators in the space, referred to at times as “data protection authorities,” are actively enforcing the law, with some of the most notable enforcement coming from France’s CNIL and the UK’s ICO.

A GDPR lawyer can help companies analyze data processing practices and ensure compliance to avoid potentially costly enforcement actions from data protection authorities. At RICHT, we focus on assisting clients in staying ahead of the ever-evolving GDPR regulatory landscape while ensuring that they can still operate their businesses in a manner that prioritizes growth and innovation. 

GDPR Law Services We Offer

Data Protection Officer (DPO)

Privacy Programs

Privacy Impact Assessments

Sectors We Serve


Financial Services


Healthcare & Life Sciences



Find Out About How We Can Help You Navigate The GDPR

    Featured GDPR Video

    GDPR News


    Breaking down enforcement of Meta’s legal basis for personalized ads

    Ireland’s Data Protection Commission fined Meta 390 million euros — 210 million euros against Facebook and 180 million euros against Instagram.


    Our Insights