On 25 May 2020, the General Data Protection Regulation celebrated 2 years since its entry into application.
The General Data Protection Regulation is a single set of rules of EU law to the protection of individuals in relation to the protection of personal data, directly applicable in the Member States. It reinforces trust by putting individuals back in control of their personal data and at the same time guarantees the free flow of personal data between EU Member States. The protection of personal data is a fundamental right in the European Union.
The GDPR has been applicable since 25 May 2018. Since then, Member States have adapted their national laws in the light of GDPR. The National Data Protection Authorities are in charge of enforcing the application of the new rules and are coordinating their actions thanks to the new cooperation mechanisms and the cooperation within the European Data Protection Board. The Board is, amongst others, issuing guidelines on key aspects of the GDPR to support the consistent application of the new rules.
GDPR regulators have been busy the last 2 years. They issued hundreds of fines to companies, including Google and Facebook, more than €114 million. During the past two years, citizens and businesses have become more aware of the importance of data protection. The Commission has supported this growing awareness through online communication efforts such as a web guidance that 4.3 million businesses and citizens consulted over the last two years.