General Data Protection Regulation

The GDPR (2016/679) was initially published by the European Commission in January 2012.  After four years of negotiation, it was finally adopted on 27 April 2016.  Following a two year implementation period, the GDPR came into force across the European Union on 25 May 2018.  It replaced the existing Data Protection Directive 95/46/EC. The GDPR introduces substantial changes to European data protection law, along with financial penalties for non-compliance.   The Regulation replaces the current European legislative framework under the 1995 Data Protection Directive (“Directive”) on which the primary Irish data protection law, the Data Protection Acts 1988 to 2018 (the “Acts”) is based. The previous system of various national laws, that transposed the Directive, resulted in a fragmented regulatory system for data controllers operating in the European Union. As the Regulation has direct effect, it should allow for the application and enforcement of a more standardised data protection law across the EU. The reforms will also specifically address some current technological challenges and opportunities in respect of the processing of personal data in the current digital age, including profiling, data portability and the ‘right to be forgotten’.  Please follow the following links which set out the principal changes that arise under the Regulation: