Skip main navigation

New offer! Get 30% off one whole year of Unlimited learning. Subscribe for just £249.99 £174.99. New subscribers only T&Cs apply

Find out more
Home / Business & Management / Big Data & Analytics / Understanding the GDPR / Data protection in the EU

Data protection in the EU

Previous and new EU legal regimes on data protection form the source of essential rights and obligations. Watch Evgeni Moyakine explain more.
View transcript
7.2
At the core of the European Union data protection regime, for many years, they have been two legal instruments. The first one is the directive on the protection of individuals with regard to the processing of personal data and on the free movement of such data, adopted in 1995. And the second one is the Council Framework Decision dealing with data protection within the framework of police and judicial cooperation in criminal matters, adopted in 2008. In 2012, the European Commission prepared and made public the General Protection Reform Package containing two proposals for new legal acts.
45.3
This was deemed necessary in order to modernise the outdated legal framework on data protection and strengthen Europe’s digital economy and fundamental rights of individuals in the digital age. The first proposal includes the new Police and Criminal Justice Data Protection Directive of the European Parliament and of the Council that replaces the Council Framework Decision from 2008. It concerns the protection of individuals with regard to the processing of personal data by competent authorities for the purposes of prevention, investigation, detection, or prosecution of criminal offences, or the execution of criminal penalties and the free movement of such data.
88.3
The competent authorities in question could be not only public authorities, such as the judicial authorities, the police, and other law enforcement agencies, but also other bodies and entities entrusted by EU Member State law to exercise public authority and public powers for the purposes of this directive. The second proposal is the General Data Protection Regulation of the European Parliament and of the Council, or simply the GDPR, which replaces the Directive from 1995. Its focus is on the protection of individuals with regard to the processing of personal data and on the free movement of such data. This regulation is what we are dealing with in this course.
131.8
For the sake of clarity, the main difference between directives and regulations as legal instruments of the European Union needs to be explained. Directives are essentially legislative acts harmonising national laws and establishing certain objectives that must be achieved by EU Member States. Individual countries may decide themselves how they incorporate directives into their national legislation. Regulations are a different type of legislative act. They are binding and directly applicable in their entirety in all EU member states. The General Data Protection Regulation is a regulation that aims to create a more effective and consistent data protection regime in the EU.
174.4
After the new Police and Criminal Justice Data Protection Directive was published in the Official Journal of the European Union on the 4th of May, 2016, it entered into force on the 5th of May of the same year. EU Member States are required to transpose the directive into their national legal orders before the 6th of May, 2018. The General Data Protection Regulation was also published on the 4th of May, 2016, but entered into force on the 24th of May of that year. It will become binding and directly applicable in all EU Member States from the 25th of May 2018 without the need for implementing national legislation.
216.4
The General Data Protection Regulation replaces local data protection laws of EU Member States and applies to the processing of personal data by a broad range of actors established within or outside the European Union, for example, pharmacists, companies offering all sorts of goods and services, educational institutions, and many others. Therefore, it is not an exaggeration to say that now it is time to act and to comply with the regulation.

In this video, the origins of the EU data protection regime are explained. The Police and Criminal Justice Data Protection Directive and General Data Protection Regulation are introduced as two crucial legal instruments. The Directive had to be implemented by the EU Member States before 6 May 2018 and the Regulation became effective on 25 May 2018.

For many years, at the core of the EU data protection regime one could find the 1995 Directive on the protection of individuals with regard to the processing of personal data and on the free movement of such data and the 2008 Council Framework Decision dealing with data protection within the framework of police and judicial cooperation in criminal matters.

A few years ago, the European Commission started making changes to this regime. In 2012, it introduced the data protection reform package. The first proposal of the reform package included the new Police and Criminal Justice Data Protection Directive replacing the Council Framework Decision from 2008. It concerns the protection of individuals with regard to the processing of personal data by competent authorities for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and the free movement of such data.

The second proposal was the General Data Protection Regulation or the GDPR replacing the Directive from 1995 that dealt the protection of individuals with regard to the processing of personal data and on the free movement of such data.

Want to keep
learning?

This content is taken from
University of Groningen online course,

Understanding the GDPR

View Course

Essentially, the GDPR replaces local data protection laws of EU Member States and, from May 2018, is applicable to the processing of personal data by various actors established within or outside the EU. These include businesses, local governments, supermarkets and any other organisations that process personal data. It might also apply to you, so don’t wait and act now!

Want to keep learning?

This content is taken from University of Groningen online course
Understanding the GDPR
View Course
See other articles from this course
This article is from the online course:

Understanding the GDPR

Created by
Join Now
This article is from the free online

Understanding the GDPR

Created by
Join Now
FutureLearn - Learning For Life

Reach your personal and professional goals

Unlock access to hundreds of expert online courses and degrees from top universities and educators to gain accredited qualifications and professional CV-building certificates.

Join over 18 million learners to launch, switch or build upon your career, all at your own pace, across a wide range of topic areas.

Start Learning now

Register to receive updates

  • Create an account to receive our newsletter, course recommendations and promotions.

    Register for free