Comparative Law Review

On 24 May 2018, the General Data Protection Regulation (GDPR) entered into force, thereby obliging all 28 national legal systems of the EU Member States to harmonize and supplement their rules on the protection of personal data. From the perspective of international law, agreements emanating from other international organizations that are binding on the EU Member States may prove to impose legal obligations inconsistently with the GDPR. Possibly, an example of such an international organization may be NATO. In such a case, the EU Member States would be confronted with an irresolvable conflict of law, as – from the horizontal system of international law – they would be obliged to abide by the rules of both Organizations. Given that as many as 22 EU Member States are Parties to NATO, this study examines whether there is a legal or a political requirement to implement the GDPR to the policy of NATO.