European Interest

General Data Protection Regulation: one year on

FLICKR/MERRILL COLLEGE OF JOURNALISM PRESS RELEASES/CC BY-NC 2.0

On 25 May 2019, the General Data Protection Regulation will celebrate its first year of entry into application. To mark the occasion, Andrus Ansip, Vice-President for the Digital Single Market and Věra Jourová, Commissioner for Justice, Consumers and Gender Equality, issued the following statement:

“25 May marks the anniversary of Europe’s new data protection rules, the General Data Protection Regulation, also widely known as the GDPR. These game-changing rules have not only made Europe fit for the digital age, they have also become a global reference point.

The main aim of the rules has been to empower people and help them to gain more control over their personal data. This is already happening as people are starting to use their new rights and more than two-third of Europeans have heard of the regulation.

Also, companies now benefit from one set of rules applying throughout our Union. They have put their house in order when it comes to data, which led to increased data security and a trust-based relationship with their clients.

The GDPR gave authorities teeth to tackle breaches. For example, one year on, the newly established European Data Protection Board has registered over 400 cross-border cases around Europe. This is a testimony to the additional benefit of the GDPR, as data protection does not stop at national borders.

People are becoming more aware – and this is a very encouraging sign. New figures show that nearly six in ten people know that there is a data protection authority in their country. This is a significant increase from four in ten people back in 2015. The data protection authorities have an essential role to play in making GDPR deliver on the ground.

The new law has become Europe’s regulatory floor that shapes our response in many other areas. From Artificial Intelligence, development of 5G networks to integrity of our elections, strong data protection rules help to develop our policies and technologies based on people’s trust.

The principles of the GDPR are also radiating beyond Europe. From Chile to Japan, from Brazil to South Korea, from Argentina to Kenya, we are seeing new privacy laws emerge, based on strong safeguards, enforceable individual rights, and independent supervisory authorities. Such upward convergence offers new opportunities to promote data flows based on trust and security.

The GDPR has changed the landscape in Europe and beyond. But compliance is a dynamic process and does not happen overnight. Our key priority for months to come is to ensure proper and equal implementation in the Member States. We urge the Member States to respect to the letter and the spirit of the GDPR in order to create a predictable environment and avoid unnecessary burden for stakeholders, in particular SMEs. We will also continue our close collaboration with the European Data Protection Board and national data protection authorities, as well as businesses and civil society to address the most burning questions and facilitate the implementation of the new rules.”

The General Data Protection Regulation is a single set of rules with a common EU approach to the protection of personal data, directly applicable in the Member States. It reinforces trust by putting individuals back in control of their personal data and at the same time guarantees the free flow of personal data between EU Member States. The protection of personal data is a fundamental right in the European Union.

The GDPR has been applicable since 25 May 2018. Since then, nearly all Member States have adapted their national laws in the light of GDPR. The national Data Protection Authorities are in charge of enforcing the new rules and are better coordinating their actions thanks to the new cooperation mechanisms and the European Data Protection Board. They are issuing guidelines on key aspects of the GDPR to support the implementation of the new rules.

The Commission will take stock of one year of application of the GDPR in an event to be held on 13 June. As foreseen by the GDPR, the Commission will report on the application of the new rules in 2020.

Today, the first results of a special Eurobarometer on data protection, collecting the views of over 27,000 people across the EU will be released. The European Commission will release the full Eurobarometer results at the anniversary event on 13 June.

Explore more