An overview of key GDPR events from proposal, amendment, approval and adoption to enforcement.
Previous Legislation
1995 — Oct 24
Data Protection Directive 95/46/EC created to regulate the processing of personal data.
Legislative Proposals
2012 — Jan 25
Initial proposal for an updated data protection regulation by the European Commission.
2014 — Mar 12
The European Parliament approved its own version of the regulation in its first reading.
2015 — Jun 15
The Council of the European Union approved its version in its first reading (the 'general approach'), allowing the regulation to pass into the Trilogue stage.
Trilogue Negotiations
2015 — Jun 24
Package approach; overall roadmap for Trilogue negotiations; delegated and implementing acts.
2015 — Jul 14
Territorial scope (Art. 3), Representative (Art. 25), international transfers (Chapter V).
2015 — Sep / Oct
Data protection principles, data subject rights, controller and processor, supervisory authorities, remedies and sanctions.
2015 — Nov / Dec
Objectives and material scope, specific regimes, delegated and implementing acts, final provisions and remaining issues.
Approval & Adoption
2015 — Dec 15
The Parliament and Council came to an agreement on the final text.
2016 — Apr 8
Adopted by the Council of the European Union.
2016 — Apr 14
Adoption by the European Parliament in a historic privacy ruling.
2016 — May
The regulation entered into force 20 days after publication in the EU Official Journal.
Enforcement
2018 — May 25
Following a two-year post-adoption grace period, the GDPR became fully enforceable throughout the European Union.
The information contained within this resource does in no way constitute legal advice. Any person who intends to rely upon or use this information is solely responsible for independently verifying it and obtaining independent expert advice if required.
Questions about data protection?
We advise on GDPR and data-privacy compliance for business.