EU Data Protection Regulation

EU General Data Protection Regulation 2012/0011(COD)

On 25th January 2012, the European Commission published its proposals for a comprehensive reform of data protection legislation across the EU. The new data protection framework will consist of a General Data Protection Regulation to replace the Data Protection Directive 95/46/EC and a separate Police and Criminal Justice Data Protection Directive.

The main difference between a Directive and a Regulation is that a Directive is implemented by legislation in each Member State, so each country can adopt its own interpretation, while a Regulation is directly applicable in all 27 Member States (500 million people).

The draft Regulation sets out the framework, and more detailed rules will be made later.

The Data Protection Act 1998 implemented the Data Protection Directive 95/46/EC in the UK, so the Act will be repealed when the Regulation comes into force, although the Information Commissioner’s Office (ICO) will continue to be the supervisory authority.

A key theme running through the Regulation is that personal data belongs to the individual and not the business.

The key changes from a UK perspective will be explained in a series of blogs.