Designed to grapple with the realities of global, ubiquitous data in the internet era, the EU’s new data protection legislation should provide increased legal certainty for both individuals and organisations processing data and greater protection for the individual in general.
In this section you will find links to key pieces of current and new data protection legislation.
In particular, the reform of the EU’s data protection rules which began in January 2012, has resulted in three key pieces of legislation:
- a general Regulation on data protection (679/2016 - GDPR) which was adopted on 24 May 2016, applicable as of 25 May 2018;
- a specific Directive (680/2016) on data protection in the area of police and justice, adopted on 5 May 2016, applicable as of 6 May 2018;
- the Regulation (EU) 2018/1725 with regard to the processing of personal data by the Union institutions, bodies, offices and agencies.
Take a look at the history of the General Data Protection Regulation on our GDPR timeline page for more information about its evolution. You can also download EU Data Protection, a free app for mobile devices from the EDPS to consult the new texts of these two pieces of legislation.
Below you will also find a link to the ePrivacy Directive 2002/58/EC which provides additional data protection rules for telecommunications networks and internet services. This Directive is due to be repealed. The European Commission adopted a proposal for a Regulation on 10 January 2017; it is currently under discussion in the European Parliament and the Council of the European Union.
The European Commission adopted the Regulation (EU) 2018/1725 which repealed Regulation (EC) 45/2001 and brings it into line with the GDPR. This Regulation lays down the rules for data protection in the EU institutions - as well as the duties of the European Data Protection Supervisor.
With this comprehensive reform, the EU has a modern framework for protecting privacy and data protection.
Regulation (EC) No 45/2001 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data, OJ L 8, 12.01.2001, p. 1
Decision No 1247/2002/EC on the regulations and general conditions governing the performance of the European Data protection Supervisor's duties, OJ L 183, 12.07.2002, p. 1
Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data, OJ L 281, 23.11.1995, p. 31
Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications), OJ L 201, 31.07.2002, p. 37
Directive 2009/136/EC amending Directive 2002/22/EC on universal service and users’ rights relating to electronic communications networks and services, Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector and Regulation (EC) No 2006/2004 on cooperation between national authorities responsible for the enforcement of consumer protection laws, OJ L 337, 18.12.2009, p. 11
Council framework Decision 2008/977/JHA on the protection of personal data processed in the framework of police and judicial cooperation in criminal matters, OJ L 350, 30.12.2008, p. 60
OECD Guidelines governing the protection of privacy and transborder flows of personal data (July 2013) OECD Recommendation on Cross-border Co-operation in the Enforcement of Laws Protecting Privacy (2007)