The General Data Protection Regulation ((EU) 2016/679)) known as “GDPR” is a response to the rapid technological changes since the Data Protection Directive (95/46/EC) was implemented into national law.
It will bring about significant changes to the data protection framework in Europe. The GDPR is a regulation designed to harmonise data protection law across the EU and transform the way in which personal data is collected, shared and used globally to protect and empower all EU citizens data privacy and to reshape the way organizations across the region approach data privacy.
The GDPR will repeal the Data Protection Directive and will be directly applicable in EU member states on 25th May 2018. In the UK the Data Protection Bill (DPB), once it receives Royal Assent, and the GDPR must be read together (see Data Protection Bill).
The GDPR is supplemented by the Directive for the police and criminal justice sector ((EU) 2016/680)) (Law Enforcement Directive) which came into force on 5 May 2016 and EU member states must transpose it into their national law by 6 May 2018.
It will replace Council Framework Decision 2008/977/JHA of 27th November 2008 on the protection of personal data processed in the framework of police and judicial co-operation in criminal matters.
The type and amount of personal data to be processed by relevant parties depends on the reason such data are processed (legal reason used) and what they will be used for. Several key rules should be respected, including: