Skip main navigation

Data protection in the EU

Previous and new EU legal regimes on data protection form the source of essential rights and obligations. Watch Evgeni Moyakine explain more.
7.2
At the core of the European Union data protection regime, for many years, they have been two legal instruments. The first one is the directive on the protection of individuals with regard to the processing of personal data and on the free movement of such data, adopted in 1995. And the second one is the Council Framework Decision dealing with data protection within the framework of police and judicial cooperation in criminal matters, adopted in 2008. In 2012, the European Commission prepared and made public the General Protection Reform Package containing two proposals for new legal acts.
45.3
This was deemed necessary in order to modernise the outdated legal framework on data protection and strengthen Europe’s digital economy and fundamental rights of individuals in the digital age. The first proposal includes the new Police and Criminal Justice Data Protection Directive of the European Parliament and of the Council that replaces the Council Framework Decision from 2008. It concerns the protection of individuals with regard to the processing of personal data by competent authorities for the purposes of prevention, investigation, detection, or prosecution of criminal offences, or the execution of criminal penalties and the free movement of such data.
88.3
The competent authorities in question could be not only public authorities, such as the judicial authorities, the police, and other law enforcement agencies, but also other bodies and entities entrusted by EU Member State law to exercise public authority and public powers for the purposes of this directive. The second proposal is the General Data Protection Regulation of the European Parliament and of the Council, or simply the GDPR, which replaces the Directive from 1995. Its focus is on the protection of individuals with regard to the processing of personal data and on the free movement of such data. This regulation is what we are dealing with in this course.
131.8
For the sake of clarity, the main difference between directives and regulations as legal instruments of the European Union needs to be explained. Directives are essentially legislative acts harmonising national laws and establishing certain objectives that must be achieved by EU Member States. Individual countries may decide themselves how they incorporate directives into their national legislation. Regulations are a different type of legislative act. They are binding and directly applicable in their entirety in all EU member states. The General Data Protection Regulation is a regulation that aims to create a more effective and consistent data protection regime in the EU.
174.4
After the new Police and Criminal Justice Data Protection Directive was published in the Official Journal of the European Union on the 4th of May, 2016, it entered into force on the 5th of May of the same year. EU Member States are required to transpose the directive into their national legal orders before the 6th of May, 2018. The General Data Protection Regulation was also published on the 4th of May, 2016, but entered into force on the 24th of May of that year. It will become binding and directly applicable in all EU Member States from the 25th of May 2018 without the need for implementing national legislation.
216.4
The General Data Protection Regulation replaces local data protection laws of EU Member States and applies to the processing of personal data by a broad range of actors established within or outside the European Union, for example, pharmacists, companies offering all sorts of goods and services, educational institutions, and many others. Therefore, it is not an exaggeration to say that now it is time to act and to comply with the regulation.

In this video, the origins of the EU data protection regime are explained. The Police and Criminal Justice Data Protection Directive and General Data Protection Regulation are introduced as two crucial legal instruments. The Directive had to be implemented by the EU Member States before 6 May 2018 and the Regulation became effective on 25 May 2018.

For many years, at the core of the EU data protection regime one could find the 1995 Directive on the protection of individuals with regard to the processing of personal data and on the free movement of such data and the 2008 Council Framework Decision dealing with data protection within the framework of police and judicial cooperation in criminal matters.

A few years ago, the European Commission started making changes to this regime. In 2012, it introduced the data protection reform package. The first proposal of the reform package included the new Police and Criminal Justice Data Protection Directive replacing the Council Framework Decision from 2008. It concerns the protection of individuals with regard to the processing of personal data by competent authorities for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and the free movement of such data.

The second proposal was the General Data Protection Regulation or the GDPR replacing the Directive from 1995 that dealt the protection of individuals with regard to the processing of personal data and on the free movement of such data.

Essentially, the GDPR replaces local data protection laws of EU Member States and, from May 2018, is applicable to the processing of personal data by various actors established within or outside the EU. These include businesses, local governments, supermarkets and any other organisations that process personal data. It might also apply to you, so don’t wait and act now!

This article is from the free online

Understanding the GDPR

Created by
FutureLearn - Learning For Life

Our purpose is to transform access to education.

We offer a diverse selection of courses from leading universities and cultural institutions from around the world. These are delivered one step at a time, and are accessible on mobile, tablet and desktop, so you can fit learning around your life.

We believe learning should be an enjoyable, social experience, so our courses offer the opportunity to discuss what you’re learning with others as you go, helping you make fresh discoveries and form new ideas.
You can unlock new opportunities with unlimited access to hundreds of online short courses for a year by subscribing to our Unlimited package. Build your knowledge with top universities and organisations.

Learn more about how FutureLearn is transforming access to education