BLOG

Regulation

Image

The General Data Protection Regulation (EU) 2016/679 (GDPR) is the regulation in EU law on data protection and privacy in the European Union (EU) and the European Economic Area (EEA). The GDPR’s primary aim is to give individuals control over their personal data.

The General Data Protection Regulation (EU) 2016/679 (GDPR) is the regulation in EU law on data protection and privacy in the European Union (EU) and the European Economic Area (EEA). The GDPR’s primary aim is to give individuals control over their personal data.

The GDPR was adopted on 14 April 2016 and became enforceable beginning 25 May 2018. As the GDPR is a regulation, not a directive, it is directly binding and applicable but does provide flexibility for certain aspects of the regulation to be adjusted by individual member states.

The regulation became a model for many national laws outside the EU, including Chile, Japan, Brazil, South Korea, Argentina and Kenya. The California Consumer Privacy Act (CCPA), adopted on 28 June 2018, has many similarities with the GDPR.
Before GDPR, privacy was regulated by the Data Protection Directive, officially Directive 95/46/EC. This directive, enacted in October 1995, was a European Union directive regulating the processing of personal data within the European Union (EU) and the free movement of such data.

The Data Protection Directive is an important component of EU legislation on privacy and human rights. It was replaced by the General Data Protection Regulation, as EU directives are not legally binding and the European Commission wanted to unify data protection legislation in a unified European Union.