The General Data Protection Regulation (GDPR)

The General Data Protection Regulation (GDPR) will replace the current existing EU Data Protection Directive 95/46/EC and will be directly applicable in all Member States without the need for implementing national legislation on the 25 May 2018. In 1995 the EU Data Protection Directive was incorporated into the EEA Agreement in a slightly adapted version resulting in the Directive applying to all EEA countries. Once adopted in the EU, the GDPR will also need to be incorporated into the EEA Agreement to apply also in the EEA countries. While maintaining the same core principles of the Directive, this Regulation introduces significant changes to the IT operations of businesses and the way these businesses, within and outside the EU, process personal data of their EU resident customers. A single set of rules will apply to all EU member states and each member state will establish an independent Supervisory Authority to sanction administrative offences, investigate complaints etc. Currently, Switzerland also revises its Data Protection Act, which will take over several features of the GDPR.