Data protection in the EU

In this video, the origins of the EU data protection regime are explained. The Police and Criminal Justice Data Protection Directive and General Data Protection Regulation are introduced as two crucial legal instruments. The Directive had to be implemented by the EU Member States before 6 May 2018 and the Regulation became effective on 25 May 2018.

For many years, at the core of the EU data protection regime one could find the 1995 Directive on the protection of individuals with regard to the processing of personal data and on the free movement of such data and the 2008 Council Framework Decision dealing with data protection within the framework of police and judicial cooperation in criminal matters.

A few years ago, the European Commission started making changes to this regime. In 2012, it introduced the data protection reform package. The first proposal of the reform package included the new Police and Criminal Justice Data Protection Directive replacing the Council Framework Decision from 2008. It concerns the protection of individuals with regard to the processing of personal data by competent authorities for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and the free movement of such data.

The second proposal was the General Data Protection Regulation or the GDPR replacing the Directive from 1995 that dealt the protection of individuals with regard to the processing of personal data and on the free movement of such data.

Essentially, the GDPR replaces local data protection laws of EU Member States and, from May 2018, is applicable to the processing of personal data by various actors established within or outside the EU. These include businesses, local governments, supermarkets and any other organisations that process personal data. It might also apply to you, so don’t wait and act now!