
European reform
General Data Protection Regulation

The recent data protection reform is a set of legislative measures proposed by the European Commission in 2012 and aimed at updating and modernizing the rules set out in the 1995 Data Protection Directive (Directive 95/46/CE) and in the 2008 framework decision on the protection of personal data processed in the context of police and judicial cooperation in criminal matters (Framework Decision 2008/977/JAI).

The new data protection package contains a general data protection regulation and a specific directive for police and justice.

The Council of the EU finalised negotiations and concluded an agreement on the proposed package in December 2015. Approval by the European Parliament on 14 April 2016 wrapped up more than four years of drafting, debating and lobbying. The new regulation will be directly applicable in all member states starting from 25 May 2018, and member states will be required to transpose the new directive into national law by 6 May 2018.

Why was it necessary to reform the current legal framework?

Current EU data protection legislation has been applicable for over twenty years. While the 1995 Directive guarantees a strong level of protection, it has become necessary to modernise existing rules in order to account for the effects of globalization and the emergence of new technologies.

Present rules were in fact adopted at a time when numerous online services and the challenges to data protection did not yet exist. Processing of personal data has increased exponentially with the rise of social media, cloud computing, the Internet of Things, services using geo-tracking and chip cards.

This led to an increase in the risks associated with abusive use of personal data and cybercrime. News stories about data leaks, cyber-attacks and confidentiality breaches have become the norm.

The disparities in national laws transposing the 1995 Directive have also given rise to inconsistencies, legal uncertainty and compliance costs. This in turn has negatively impacted individuals’ confidence and the EU’s competitiveness. 

Thus, it became necessary to adopt a comprehensive set of rules which would effectively safeguard individuals’ rights to personal data protection in the digital era, as recognized by Article 8 of the EU’s Charter of Fundamental Rights.

What will change with the new regulation?

From 25 May 2018, the General Data Protection Regulation will be applicable to all actors operating in the EU. The new rules are aimed at strengthening citizens’ control of their personal data, the role of national data protection authorities such as the CNPD, as well as reinforcing companies’ accountability while at the same time reducing onerous reporting obligations.

Other resources and presentations

CNPD/SMC conference of 11 October 2016

Challenges and opportunities of the new European regulation for Luxembourg (Xavier Bettel, Prime Minister, Minister for Communications and Media)
Data protection in the digital era (Pascal Steichen, SECURITYMADEIN.LU)