GDPR
Since the mid-1990’s, legislation that protects the information privacy of individuals in the European Union (EU) has been primarily based on EU Directive 95/46/EC: the Data Protection Directive. This is the legislative act that has set out the minimum standards on data protection in the whole of Europe. Each country within the EU has taken Directive 95/46/EC and transposed it into their own, local data protection laws. The Dutch Wet bescherming persoonsgegevens, German Bundesdatenschutzgesetz, Belgian Privacywet / Loi vie privée and United Kingdom’s Data Protection Act 1998 are all examples of such local laws.
Since the Directive has essentially not changed since 1995 and all local legislation based on it has only seen minor updates, the European Commission and European Parliament deemed it outdated to meet modern privacy needs and concerns. Therefore preparations have been started over four years ago to come up with a replacement A European data protection act that is up to date and protects individuals’ privacy in the digital world we live in today.
That data protection act has now been finalised. It is called the General Data Protection Regulation (GDPR) and will replace local data protection laws, such as the ones mentioned above, being valid in every country of the EU. The EU institutions made good on their promises to remove red tape for businesses but also tighten privacy protections for individuals. This means privacy rules will change and organisations that deal with information relating to individuals will need to adept.
What types of privacy data does the GDPR protect?
Basic identity information such as name, address and ID numbers
Web data such as location, IP address, cookie data and RFID tags
Health and genetic data
Biometric data
Racial or ethnic data
Political opinions
Sexual orientation