Share to Facebook Share to Twitter Share to LinkedIn

The General Data Protection Regulation has been a long-time coming. The shear amount of personal data being collected currently is much higher than that of the past, more so than 20 years ago when the last major changes were made in the European Union. So, what is the history of Data Protection in the EU?

The Beginning of Data Protection

Although the basic concepts of respecting privacy were set-out vaguely in the 1950s during an EU convention on human rights, they were not specific to electronic storage of personal data. So, come the 1980s, when computing was beginning to be used to process personal data, the European council held a convention. This set out guidelines for EU members on what is wrong and what is right. From this, the UK created the Data Protection Act 1984.

The Growth of Computer Usage

This was a good start, but since this was passed, the usage of computers and their availability grew exponentially. This unprecedented growth led to another EU convention in 1995 - the Data Protection Directive. The main purpose of this was to set a higher general standard, how EU data can leave the EU and how this directive can apply to non-EU states. Following this, the UK then created the Data Protection Act 1998. Other countries followed suit, creating their own versions of this. This was a good start, but they were largely incompatible with each other.

Birth of the General Data Protection Regulation

Jump ahead to 2012, it became apparent that some common ground was needed across the whole of the EU, considering this was a directive which is generally only suggestive. The GDPR legislation was proposed and then negotiated within the EU council and European parliament. Almost 2 years after this in 2014, the European parliament reached an agreement. Following this, the council also reached an agreement. The following year there were further negotiations which led to the approval. Then in Spring 2016, the regulation was fully adopted and put into place.

Being in place, it was decided there was to be a two years implementation phase and that the act will start to apply 25th May 2018. So that is where we are right now, with less than one year to go.

Unsure what the GDPR could mean for you/your business, see our first article that briefly runs down the five major takeaways from the regulation.

Further Reading

For more information please visit: and