On January 28, 2012, the European Commission presented a major data protection reform package, proposing a unified legal framework for data protection within the whole of the EU, in order to make Europe "fit for the digital age".
This package consisted of two documents: the Directive on protecting personal data processed for the purposes of prevention, detection, investigation or prosecution of criminal offences and related judicial activities (intended to replace the Council Framework Decision 2008/977/JHA), and the General Data Protection Regulation (intended to replace the Directive 95/46/EC).
The GDPR aims at improving the level of data protection for data subjects, and at the same time, at "increasing business opportunities in the digital single market including through reduced administrative burden".
After four years of discussion within the European institutions and close to 4,000 suggested amendments, the General Data Protection Regulation (GDPR) has been adopted by the European Parliament on April 14, 2016.
On May 4, 2016, the GDPR has been published in the Official Journal of the European Union. The text will enter into force on May 24, 2016, and shall apply from May 25, 2018.
A timeline of the GDPR's progress is found below.