Skip to main content

Data protection

Rules for the protection of personal data inside and outside the EU.

Data protection in the EU

In today's digital age, where information is constantly shared, collected and processed, there is a need for clear and strong data protection rules.

Data protection is a fundamental right under EU law. EU data protection legislation is comprised of the General Data Protection Directive (GDPR), the Law Enforcement Directive (LED), and the Data Protection Regulation for EU institutions, bodies, offices and agencies (EUDPR). 

To ensure that this legislation is applied consistently, national and European data protection authorities and bodies have been established.

Find out more about the EU's legal framework for data protection

Data protection: questions and answers

Read about key concepts such as personal data, data processing, when and to whom the GDPR applies to, and more.

Read about the rights you have over your personal data under the GDPR, how to exercise these rights, and more.

International dimension of data protection

The EU has established international data protection agreements to ensure that EU citizens' personal data remains protected even if transferred outside the EU. 

EU data protection legislation includes safeguards for when transferring data to third countries, including adequacy decisions, standard contractual clauses (SCC) and binding corporate rules (BCR).

Find out more about the international dimension of data protection

Funding to support the implementation of the GDPR

The Commission has provided funding to national data protection authorities to finance projects that support the implementation of the GDPR. 

These projects aim to equip individuals and businesses with the knowledge and resources needed to navigate and ensure compliance with data protection rules. 

The types of projects funded by the Commission typically include awareness-raising campaigns, training programs, and the development of practical tools and materials that can facilitate small and medium-sized enterprises' (SMEs) compliance with the GDPR.

Find out more about these EU-funded projects

Timeline

  1. 25 July 2024

    The Commission publishes the second report on the application of the General Data Protection Regulation (GDPR).

  2. 4 July 2023

    The Commission proposes further specifying procedural rules relating to the enforcement of the GDPR.

  3. 14 October 2022

    The Commission publishes the first report on the application of the Data Protection Regulation for EU institutions, bodies, offices and agencies (EUDPR).

  4. 25 July 2022

    The Commission publishes the first report on the application of the LED.

  5. 24 June 2020

    The Commission publishes the first report on the application of the GDPR.

  6. 11 December 2018

    The EUDPR becomes applicable.

  7. 23 October 2018

    The European Parliament and the Council adopt the EUDPR.

  8. 25 May 2018

    The GDPR becomes applicable.

  9. 6 May 2018

    The Member States have to transpose the LED into their national law.

     

  10. 10 January 2017

    The Commission proposes the EUDPR

  11. 24 May 2016

    The GDPR enters into force.

  12. 5 May 2016

    The LED enters into force.

  13. 27 April 2016

    The European Parliament and the Council adopt the LED and the GDPR.

  14. 25 January 2012

    The European Commission proposes a comprehensive reform of the EU's 1995 data protection rules to strengthen online privacy rights and boost Europe's digital economy.

  15. 4 November 2010

    The Commission presents a Communication to the other EU institutions on "A comprehensive approach on personal data protection in EU".

  16. 24 October 1995

    The European Data Protection Directive on the protection of individuals with regard to the processing of personal data and on the free movement of such data is adopted with a transposition deadline of three years from the date of its adoption.