Designed to grapple with the realities of global, ubiquitous data in the internet era, the EU’s new data protection legislation should provide increased legal certainty for both individuals and organisations processing data and greater protection for the individual in general.
In this section you will find links to key pieces of current and new data protection legislation.
In particular, the reform of the EU’s data protection rules which began in January 2012, has resulted in two key pieces of legislation:
The official texts of the Regulation and the Directive are now recognised as law across the EU. Member States have two years to ensure that they are fully implementable in their countries by May 2018.
In the meantime, the existing legislation, Directive 95/46/EC for the private and most of the public sector and Council Framework Decision 2008/977/JHA for the law-enforcement sector, remain applicable across the EU.
Take a look at the the history of the General Data Protection Regulation on our GDPR timeline page for more information about its evolution. You can also download EU Data Protection, a free app for mobile devices from the EDPS to consult the new texts of these two pieces of legislation.
Below you will also find a link to the ePrivacy Directive 2002/58/EC which provides additional data protection rules for telecommunications networks and internet services. This Directive is due to be repealed. The European Commission adopted a proposal for a Regulation on 10 January 2017; it is currently under discussion in the European Parliament and the Council of the European Union.
You will also find a link to Regulation (EC) 45/2001 which lays down the rules for data protection in the EU institutions - as well as the duties of the European Data Protection Supervisor. The European Commission adopted a proposal on 10 January 2017 which repeals Regulation (EC) 45/2001 and brings it into line with the GDPR. A political agreement has been reached between the European Parliament and the Council of the European Union on the new rules for data protection in the EU institutions. These new rules are expected to apply from late 2018 onwards.
Both the ePrivacy and Regulation 45/2001 replacement texts should be adopted in time to become applicable at the same time as the GDPR. With this comprehensive reform, the EU will have a modern framework for protecting privacy and data protection.