CEE: General Data Protection Regulation - Key News 22.06.2017 The General Data Protection Regulation (“GDPR”) was approved on 27 April 2016 and is set to come into force on 25 May 2018. It will replace the current national legislations on data protection and the EU Data Protection Directive of 1995 (“Directive”) on the protection of individuals with regard to the processing of personal data and the free movement of such data. In order to provide consistent and homogenous rules for personal data protection, the GDPR will be directly applicable. This means that Member States do not have to transpose the Regulation into their own legislation. The declared objective of the GDPR is to achieve a high level of protection of the rights of EU citizens against unauthorised use of their data and personal data. The GDPR affects all companies, individuals or other institutions which process users’ data. As a result, it is necessary for all those concerned to review their information systems and the ways they treat personal data. Further details can be found here.