---
id: "entity-eu-gdpr"
type: "entity"
entityType: "other"
canonicalName: "General Data Protection Regulation (GDPR)"
aliases: ["GDPR", "Regulation (EU) 2016/679"]
source_timestamps: ["§ How to Use Explainable AI Responsibly"]
tags: ["regulation", "european-union"]
related: ["concept-checkbox-transparency", "claim-transparency-mandates-insufficient", "entity-eu-ai-act"]
sources: ["adoption"]
sourceVaultSlug: "hbr-seg-adoption"
originDay: 9
articleStem: "hbr-edu-37-employees-not-questioning-ai"
sourceUrl: "https://hbr.org/2026/06/employees-arent-questioning-ai-advice-enough"
sourceTitle: "Employees Aren’t Questioning AI Advice Enough"
---
# European Union’s General Data Protection Regulation (GDPR)

**Type:** Other (regulation) · **Canonical name:** General Data Protection Regulation (GDPR)

A comprehensive EU data privacy law (Regulation (EU) 2016/679) that, alongside the [[entity-eu-ai-act-d9|AI Act]], underpins some AI explanation obligations. It contains provisions on **automated decision-making** and a right to obtain "meaningful information about the logic involved" in certain automated decisions. It is cited in the source as one driver of transparency mandates that can devolve into [[concept-checkbox-transparency]] (see [[claim-transparency-mandates-insufficient]]).

**Canonical reference (enrichment):** Official consolidated text via EUR-Lex.

**Precision note (enrichment):** GDPR is *primarily* a data-protection law; its AI-explainability aspects are indirect. The extraction's description is broadly correct but slightly compressed. Its automated-decision provisions are, in intent, about ensuring explanations are meaningfully usable — not merely displayed.
