The General Data Protection Regulation (EU) 679/2016 (GDPR) will be, as of 25 May 2018, the main data protection legal framework in European Union (EU). The GDPR overrides the EU’s Data Protection Directive that came into force in 1995. Being a regulation (and not a Directive), the GDPR harmonises data protection in the European Union as a binding legal reference applicable across all 28 Member States.
It is important to note that whilst the GDPR is a binding regulation on all member states (and those that fall under its territorial scope), there is nothing restricting member state’s from supplementing/adding to the GDPR’s provisions when transposing the GDPR’s provisions into their national law.
Over and above the need to ensure consistency in data handling across the Member States, the GDPR responds to the changes in processing of personal data arising associated with the digital economy and the need to provide for increased control over personal data handling.