Page contentsPage contents Data protection in the EU In today's digital age, where information is constantly shared, collected and processed, there is a need for clear and strong data protection rules.Data protection is a fundamental right under EU law. EU data protection legislation is comprised of the General Data Protection Directive (GDPR), the Law Enforcement Directive (LED), and the Data Protection Regulation for EU institutions, bodies, offices and agencies (EUDPR). To ensure that this legislation is applied consistently, national and European data protection authorities and bodies have been established.Find out more about the EU's legal framework for data protection Data protection: questions and answersData protection explainedRead about key concepts such as personal data, data processing, when and to whom the GDPR applies to, and more.Information for individualsRead about the rights you have over your personal data under the GDPR, how to exercise these rights, and more.Information for businesses and organisationsRead about data protection principles and obligations, enforcement of the rules, dealing with individuals' requests, and more. DisclaimerThe information and guidance in these webpages are intended to contribute to a better understanding of EU data protection rules.This is intended purely as a guidance tool – only the text of the General Data Protection Regulation (GDPR) has legal force. As a consequence, only the GDPR is liable to create rights and obligations for individuals. This guidance does not create any enforceable right or expectation.The binding interpretation of EU legislation is the exclusive competence of the Court of Justice of the European Union. The views expressed in this guidance are without prejudice to the position that the Commission might take before the Court of Justice.Neither the European Commission nor any person acting on behalf of the European Commission is responsible for the use which might be made of the following information.As this guidance reflects the state of the art at the time of its drafting, it should be regarded as a 'living tool' open for improvement and its content may be subject to modifications without notice. International dimension of data protection The EU has established international data protection agreements to ensure that EU citizens' personal data remains protected even if transferred outside the EU. EU data protection legislation includes safeguards for when transferring data to third countries, including adequacy decisions, standard contractual clauses (SCC) and binding corporate rules (BCR).Find out more about the international dimension of data protection Funding to support the implementation of the GDPR The Commission has provided funding to national data protection authorities to finance projects that support the implementation of the GDPR. These projects aim to equip individuals and businesses with the knowledge and resources needed to navigate and ensure compliance with data protection rules. The types of projects funded by the Commission typically include awareness-raising campaigns, training programs, and the development of practical tools and materials that can facilitate small and medium-sized enterprises' (SMEs) compliance with the GDPR.Find out more about these EU-funded projects Timeline 25 July 2024The Commission publishes the second report on the application of the General Data Protection Regulation (GDPR).4 July 2023The Commission proposes further specifying procedural rules relating to the enforcement of the GDPR.14 October 2022The Commission publishes the first report on the application of the Data Protection Regulation for EU institutions, bodies, offices and agencies (EUDPR).25 July 2022The Commission publishes the first report on the application of the LED.24 June 2020The Commission publishes the first report on the application of the GDPR.11 December 2018The EUDPR becomes applicable.23 October 2018The European Parliament and the Council adopt the EUDPR.25 May 2018The GDPR becomes applicable.6 May 2018The Member States have to transpose the LED into their national law. 10 January 2017The Commission proposes the EUDPR. 24 May 2016The GDPR enters into force.5 May 2016The LED enters into force.27 April 2016The European Parliament and the Council adopt the LED and the GDPR.25 January 2012The European Commission proposes a comprehensive reform of the EU's 1995 data protection rules to strengthen online privacy rights and boost Europe's digital economy.4 November 2010The Commission presents a Communication to the other EU institutions on "A comprehensive approach on personal data protection in EU".Show 12 more items24 October 1995The European Data Protection Directive on the protection of individuals with regard to the processing of personal data and on the free movement of such data is adopted with a transposition deadline of three years from the date of its adoption.
Data protection explainedRead about key concepts such as personal data, data processing, when and to whom the GDPR applies to, and more.
Information for individualsRead about the rights you have over your personal data under the GDPR, how to exercise these rights, and more.
Information for businesses and organisationsRead about data protection principles and obligations, enforcement of the rules, dealing with individuals' requests, and more.
