The biggest ICT law to be implemented by the European Commission to the EU/EEA member states, is the General Data Protection Regulation (Regulation (EU) 2016/679). The regulation is a binding law that all members must implement in their own country’s laws, and are actually rated above the national laws.

The GDPR is a regulation that replaces the original law from 1995. Normally, 20 years is not a long time for a law, but in ICT this is a very long time. The internet was only in its beginning to become widespread, there were no social medias and no tracking/profiling online. The amount of data that are being collected today via a number of services online has required such a law to be updated.

The regulations primary motive is to protect the data of residents in the EU, and give them better control over it.

There was initially a large resistance against the law saying it would be too costly, but after the Snowden documents – there was clearly a need for the personal data to be protected – and the law were put in motion.

The GDPR were finished on the 27th of April 2016, and with a two-year transition period it will be enforceable from 25th of May 2018.