A new legal framework for the personal data protection has started to being applied all over the European Union about three years ago. Since the 25th of May 2018 all the Member States have the same legislation.
In 2018, the European Regulation n. 2016/679 – General Data Protection Regulation (GDPR) has started to be applied all over the member states of the European Union and also in Iceland, Liechtenstein and Norway, by becoming applicable all over the European Economic Area (EEA). The proposal of regulation was presented to the European Commission in 2012, joined with the directive proposal for discipline the personal data processing by relevant authority on investigation, prevention and pursuit of crimes. Both instruments were approved and entered in force in 2016, with a transitional period of two years since the implementation.
With the GDPR was created the European Data Protection Board, an European Body composed by all the National Supervisory Authority for Personal Data Protection and by the European Data Protection Supervisor (EDPS), which hosts also the European Commission without the right to vote. The GDPR has introduced a cooperation mechanism and a coherence mechanism in order to guarantee the coherent implementation all over the countries. In this context, the European Board has just issued its first opinion on a code of conduct presented by services providers of cloud computing (CISPE).