General Data Protection Regulation

The European Commission plans to unify data protection within the European Union (EU) with a single law, the General Data Protection Regulation (GDPR).

[1] The current EU Data Protection Directive 95/46/EC does not consider important aspects like globalization and technological developments like social networks and cloud computing sufficiently and the Commission determined that new guidelines for data protection and privacy were required. Therefore a proposal for a regulation was released on 25 January 2012.[2] Subsequently numerous amendments have been proposed in the European Parliament and the Council of Ministers. The EU's European Council aims for adoption in 2015/early 2016[3] (see Timeline) and the Regulation is planned to take effect after a transition period of two years.

As of Monday 15 June 2015, the Council of Ministers has given its clearest signal yet that it looks to reach agreement on GDPR by the end of the year. As a Regulation and not a Directive, it will have immediate effect on all 28 EU Member States after the two-year transition period and does not require any enabling legislation to be passed by governments.


Key contacts                                                  

Blank highlight box
Blank highlight box