Transforming Local Government

Web Labs

The GDPR timeline

The GDPR timeline

For those that really want to understand the General Data Protection Regulation (GDPR) and why it is so important now, we have published this useful timeline.

The GDPR Deadine is approaching very soon so your organisation needs to get ready for it. A good GDPR strategy and understanding is crucial if you want to mitigate the significant risks that your organisation maybe exposed to.

Timeline

1980
23 SEP

OECD Issued recommendations for the protection of personal data
Guidelines on the Protection of Privacy and Transborder Flows of Personal Data, 1980

1995
24 Oct

Directive 95/46/EC, A more binding form of governance in the Data Protection Directive
Europa, 1995

2000
26 Jul

Safe Harbour Principles were developed. Designed to prevent the disclosing or losing of personal information (Europa, 2000)

  • Notice – Individuals must be informed
  • Choice – options to opt out
  • Onward Transfer – only allowable for organisations that follow adequate data protection principles
  • Security – reasonable efforts to prevent loss of collected information
  • Data Integrity – data must be relevant and reliable for the purpose it was collected
  • Access – Individuals must have access to information held, corrections or delete if inaccurate
  • Enforcement – An effective means of enforcement must exist
2001
26 Oct

US Patriot act, Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism
Government Publishing Office (US), 2001

2002
2 Jul

EU found that (WP29, 2002)

...a substantial number of organisations that have self-certified adherence to the Safe Harbour do not seem to be observing the expected degree of transparency as regards their overall commitment or as regards the contents of their privacy policies..

...not all dispute resolution mechanisms have indicated publicly their intention to enforce Safe Harbour...

...not all have in place privacy practices applicable to themselves...

2011
14 Jan

EDPS – European Data protection supervisor publishes an opinion on the European Commission's Communication
European Data Protection Supervisor, 2011

1 Jun

Microsoft UK MD states that

Cloud Data, regardless of where it is in the world, is not protected against the Patriot Act

Whittacker, 2011

2012
25 Jan

EC - Proposal to strengthen online privacy rights and digital economy
Europa, 2012

7 Mar

EDPS Opinion on EC data protection reform Package
EUROPEAN DATA PROTECTION SUPERVISOR, 2012

23 Mar

WP29 Opinion on data reform proposal
ARTICLE 29 DATA PROTECTION WORKING PARTY, 2012

5 Oct

WP29 Update on data protection reform
ARTICLE 29 DATA PROTECTION WORKING PARTY, 2012

2013
09 Jun

Edward Snowden’s revelations concerning activities of the United States Intelligence Services
Gellman, Blake, & Miller, 2013

2014
12 Mar

EP Adopts GDPR
The European Parliament, 2014

2015
24 Mar

Maximillian Shrems case aimed at prohibiting Facebook, in light of the Snowden revelations, from transferring data from Ireland to United States was heard by CJEU
(InfoCuria - Case-law of the Court of Justice, 2015

23 Sep

Advocate General, Yves Bot stated that

...the European Commission was unable to guarantee that "adequate" safeguards for the protection of data are met

Court of Justice of the European Union, 2015

15 Jun

The council reaches a general approach on the GDPR

27 Jul

EDPS recommendations on the final text of GDPR
Official Journal of the European Union, 2015

06 Oct

European Court of Justice invalidates the Safe Harbour Decision

...compromising the essence of the fundamental right to respect for private life...

EUR-Lex, 2015

15 Dec

EP, Council and EC reach an agreement on the GDPR
Council of the European Union, 2015

2016
02 Feb

Article 29 Working Party issues an action plan for the implementation of the GDPR
Article 29 Working Party, 2017

24 May

The Regulation enters into force, 20 days after publication in the official journal of the EU
Council of the European Union, 2016

2017
10 Jan

EC proposes two new regulations on privacy and electronic communications and on the data protection rules applicable to EU institutions
European Commission, 2017

2018
6 May

Data Protection Directive for the police and justice sectors into national legislation applicable from this day
Parliament, 2018

25 May

The General Data Protection Regulation will apply from this day

Bibliography

Tags

Last Updated: 10 May 2018