Continuous Transformation Blog

The Road to GDPR: The Continuous Reform of EU Data Protection Rules

Written by Laura Mauersberger | August 3, 2017

There's no question - The European Commission cares about the protection of your data. From early 2012 until now, the European Commission, the Council, and the Parliament has continually met to update the laws and regulations regarding the data protection of its citizens. 

In this article we summarize the history of EU data protection.


25 January 2012, the European Commission proposed a comprehensive reform of data protection rules to increase users' control of their data and to cut costs for businesses. This EU Data Protection Reform consolidated the confusing and costly administrative burdens and saved businesses upwards of €2.3 billion per year.

13 May 2014, the Court of Justice of the European Union acknowledged that under existing European data protection legislation, EU citizens have the right to request internet search engines to remove search results directly related to them. This sparked a lively debate on the “right to be forgotten.”

15 December 2015 - With technology rapidly changing and digitalization affecting the way our data is manipulated, the European Parliament, the Commission, and the Council met again to reform the EU data protection law. The particular reform included directives to protect citizens’ fundamental rights, including the personal data of victims, witnesses, and suspects of crime.

18 December 2015 - These changes were also welcomed by the European Council as a major step forward in the implementation of the Digital Single Market Strategy.

6 May 2015 The Digital Single Market Strategy was officially announced. The strategy was made up of three pillars -

  • Access to online products and services
  • Conditions for digital networks and services to grow and thrive
  • Growth of the European digital economy

The Digital Single Market Strategy did away with the expensive EU roaming charges and valued the European trade markets as the highest in the world for online businesses.  UK shoppers are estimated to have spent €153 billion online in 2016. During the same time, the US spent €363 billion online. Today, the EU online spend is valued at just under €500 billion, a figure expected to double by 2020. According to the Juncker Commission, a fully functional Digital Single Market could contribute €415 billion per year to the EU economy.

8 April 2016, the Council adopted the Regulation and the Directive. And on 14 April 2016, the Regulation and the Directive were adopted by the European Parliament.

On 4 May 2016, the official texts of the Regulation and the Directive have been published in the EU Official Journal in all the official languages. While the Regulation will enter into effect on 24 May 2016, it shall apply from 25 May 2018. The Directive was enforced on 5 May 2016, but EU Member States have two years to transpose it into their national law by 6 May 2018.

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offenses or the execution of criminal penalties, and on the free movement of such data, and repealing Council Framework Decision 2008/977/JHA.

Just in the past 4 years, the EU has enacted many laws and regulations to protect consumer data. This means a lot of changes for IT specific companies, including timely breach notification, right data to access, the right to be forgotten, and privacy by design. These regulation changes bring a lot of network and framework changes for your IT landscape.