The European Union’s General Data Protection Regulation will replace the current 95/46/EC Directive by 2018. Unlike the current Directive, the GDPR will be a law and will have to be adopted by all the countries in the EU.
Those familiar with the Directive will soon notice the GDPR is built on the directive – some aspects remaining the same, others change and new rules are added. For instance, the GDPR puts a much greater emphasis on individual rights, while also bringing bigger fines for non-compliance. It has the purpose of re-conciliating country-specific and sometimes conflicting European data privacy laws.
Most importantly, it aims at changing the way organizations that operate in the EU or that collect personal data from the Union’s citizens, approach data privacy.
Empowering citizens regarding their personal data is one of the main objectives pursued through the Regulation.
As a regulation, the GDPR must be immediately applied across the Union, unlike a directive, that must be transposed by each member state into the national law.