The new European Union General Regulation on Data Protection and the legal consequences for institutions

摘要

The aim of this study is to set out the new legal framework that has appeared in the European Union following the repealing of the 1995 European Directive on Data Protection on approving the new and significant General Data Protection Regulation (GDPR). This study provides an overview and a more detailed examination of the topic, based on an analysis of the legal framework established by the Directive in 1995 and the regulation proposals of 2012 that emerged in Europe and in the United States, followed by a study of the principal reforms contained in the GDPR of 2016. The study is concluded by identifying the most significant practical applications. The GDPR implies very important new rules that will be applied across the EU and that will directly affect every Member State. Furthermore, its aim is to overcome the existing fragmented regulations and to modernise the principles of privacy in the European Union. The practical and social implications of the GDPR are very significant, as it constitutes a single and updated set of rules applicable in the whole of the EU and for all the data processing of European citizens. It seeks to avoid the fragmentation of the EU market and to facilitate cross-border business and corporate activity, the free circulation of personal data and a greater guarantee of the fundamental rights and freedoms of European citizens. In the interest of European citizens, it regulates the rights to access, rectify, delete and object and it recognises two new rights: to be digitally forgotten and data portability.