The Data Privacy Directive was originally adopted in 1995 as a means of regulating the way personal data was dealt with in EU member states. Since the EU Data Privacy Directive was introduced, much has changed regarding the availability of data.
These changes have been brought about by the growth of the Internet, which has meant that a person’s data can now be held, and accessed, in a myriad of different places.
These changes brought about the need for a more robust and cohesive system. This is why the General Data Protection Regulation (GDPR) was adopted on 27 May 2016, and replaces the Directive on 25 May 2018.
How is the GDPR so different from the EU Data Privacy Directive?
The main difference between the GDPR and the EU Data Privacy Directive is that the latter was a directive, whereas the former is a more substantive regulation. Under the Directive, different countries could interpret the information provided in different ways. Under the GDPR, the regulations apply across the whole of the EU.
There may be some leeway for different supervisory authorities to decide on certain matters, such as the level of action to be taken when there is non-compliance. However, supervisory authorities are expected to liaise with one another, and the EU will oversee the work of each authority.
It is worth noting that any business or organisation that handles the personal data of people living in the EU has to comply with GDPR regulations, even if it is not based within the EU.
Any business that does not comply with the new regulations could be faced with a hefty fine, or other sanction. This is obviously not good for a business, so compliance is something that has to be achieved.