The Data Protection Directive and GPDR
Before the General Data Protection Regulation (GDPR) came into effect in May 2018, the primary data protection legislation in the European Union was the Data Protection Directive (DPD) 95/46/EC. The DPD was adopted in 1995 and provided a framework for the protection of personal data within the European Union. However, the DPD was seen as outdated and not sufficiently robust in the face of technological advancements, and there were also inconsistencies in how it was implemented across different EU member states. The GDPR was therefore introduced to replace the DPD and provide a more modern, harmonised, and effective framework for data protection across the EU.
Background of the Data Protection Directive
The DPD was introduced in response to the increasing use of electronic data processing and computer technology in the EU in the 1980s and 1990s. This technological development led to concerns that personal data could be easily misused, leading to violations of individual privacy and freedom. The DPD was aimed at establishing minimum standards for the protection of personal data and ensuring that EU citizens’ rights to privacy were respected in the digital age.
Get our Newsletter!
In our newsletter you get tips and tricks for dealing with privacy management from our founder Sebastian Allerelli.
When you sign up for our newsletter you get a license for one user to ShareSimple, which will give you a secure email in Outlook. This special offer is for new customers only, with a limit of one freebie per company.
The Main Provisions of the Data Protection Directive
The DPD was a comprehensive piece of legislation that covered all aspects of the collection, processing, and storage of personal data. Its main provisions included:
1. Personal Data Definition
The DPD defined personal data as any information relating to an identified or identifiable natural person. This included not only data such as names and addresses but also data that could identify individuals indirectly, such as IP addresses or cookie data.
2. Data Processing Principles
The DPD established six principles that data controllers had to adhere to when processing personal data. These principles were:
- Personal data must be processed fairly and lawfully.
- Personal data must be collected for specified, explicit, and legitimate purposes and not be further processed in a way incompatible with those purposes.
- Personal data must be adequate, relevant, and not excessive in relation to the purposes for which they are processed.
- Personal data must be accurate and, where necessary, kept up to date.
- Personal data must not be kept for longer than is necessary for the purposes for which they were collected.
- Appropriate technical and organisational measures must be taken to protect personal data from unauthorised or unlawful processing.
3. Data Subject Rights in the DPD
The DPD granted a number of rights to data subjects, including the right to access their personal data, the right to have inaccurate data corrected, and the right to object to the processing of their data. Data subjects also had the right to request that their data be deleted if it was no longer necessary for the purposes for which it was collected.
4. Data Controller Obligations in the DPD
The DPD established obligations for data controllers, including the requirement to register with a supervisory authority, provide data subjects with certain information, and obtain consent before processing sensitive personal data.
5. Data Transfer in the DPD
The DPD regulated the transfer of personal data outside the EU, requiring data controllers to ensure that adequate protection was in place before transferring data to countries outside the EU.
Start your privacy cleanup with the big picture
A GDPR Risk report gives you a complete overview of the privacy risk in your company. The report is based on a scan with DataMapper.
Impact of the Data Protection Directive
The DPD had a significant impact on data protection in the EU. It established a framework for the protection of personal data and ensured that EU citizens’ privacy rights were respected in the digital age. The DPD also paved the way for the GDPR, which replaced it in 2018.
However, the DPD was not without its limitations. Its provisions were not always clear, and it was often difficult to enforce. There were also inconsistencies in how the DPD was implemented across different EU member states, leading to confusion and a lack of harmonisation.
Do you want help with the Data Protection Directive?
At Safe Online, we create SaaS tools that help companies handle sensitive data in accordance with various data laws such as the Data Protection Directive. Our tools are:
DataMapper – Find your sensitive data
ShareSimple – Send and receive data securely in Outlook
RequestManager – Process data subject requests easily
Sebastian Allerelli
Founder & COO at Safe Online
Sebastian is the co-founder and COO of Safe Online, where he focuses on automating processes and developing innovative solutions within data protection and compliance. With a background from Copenhagen Business Academy and experience within identity and access management, he has a keen understanding of GDPR and data security. As a writer on Safe Online's Knowledge Hub, Sebastian shares his expertise through practical advice and in-depth analysis that help companies navigate the complex GDPR landscape. His posts combine technical insight with business understanding and provide concrete solutions for effective compliance.
