This Regulation will mark the beginning of a new era with respect to the protection of everyone’s personal data within the European Union.
Currently, the European Union has 28 different legislations concerning the processing of personal data. This is the result of an EU Directive adopted about 20 years ago and then implemented by each Member State individually into national legislation with its own character.
The new Regulation aims to get rid of this fragmentation. Unlike a Directive, a European Regulation is directly applicable in each Member State, without the need for transposition into national legislation.
However, this does not mean that separate national legislation will no longer exist.
Member States must ensure compliance with the Regulation and the protection it provides. But the Regulation itself for example stipulates that each Member State, by law or by collective agreement, may provide for more specific rules on the processing of employees’ personal data in the employment context.
It can be expected that several Member States will make use of this possibility and that local specificities will continue to exist.
In the future, companies doing business in different European member states will only have to work with one single central administration, whereas previously they had to verify in every member state separately which actions they had to undertake.
Furthermore, an important advantage of the new Regulation is that all companies who want to offer goods or services in Europe or to monitor the behaviour of European citizens (e.g., through online profiling) will have to comply with the Regulation, even if they are not based in the Union.