On 25 May, the General Data Protection Regulation (GDPR) will come into force. The Regulation updates and modernises the principles enshrined in the 1995 Data Protection Directive to guarantee privacy rights.
The regulation is an essential step to strengthen citizens' fundamental rights in the digital age and facilitate business by simplifying rules for companies in the digital single market. A single law will also do away with the current fragmentation and costly administrative burdens. The Regulation focuses on:
reinforcing individuals' rights;
strengthening the EU internal market;
ensuring stronger enforcement of the rules;
streamlining international transfers of personal data and;
Setting global data protection standards.
The changes will give people more control over their personal data and make it easier to access it. They are designed to make sure that people's personal information is protected – no matter where it is sent, processed or stored – even outside the EU, as may often be the case on the internet.