Press Release

Taking rights seriously: GDPR starts applying today

Today, 25 May 2018, is a landmark in the protection of personal data and privacy of individuals, as the General Data Protection Regulation (GDPR) (EU) 2016/679 starts applying after a long-lasting legislative process.

Published on May 25, 2018

© Copyright: Shutterstock

With this regulation, the EU has legislated a robust solution, which addresses individual rights and relevant obligations of service providers, and is directly applicable to all EU Member States.

Prof. Udo Helmbrecht, Executive Director of ENISA emphasized the significance of 25 May: “Clearly, the application of GDPR, besides its significance from a legal point of view, also gives new impetus to the policy work spearheaded by ENISA in the area of security measures for personal data protection and privacy. In the prospect of its new mandate, ENISA is looking forward to better meeting expectations also among the GDPR stakeholders.”

Compared to the previous legal framework within the EU, GDPR amongst others introduces an enhanced approach on governance, accountability, the role of data protection officers, data breach notifications, risk-based strategies, security measures, consent giving and fines, providing a sound future-proof legal framework in favour of the data subjects. Notions such as “data protection by design and default” and “the right to be forgotten” open up new possibilities in practice for sensible protection of fundamental rights.

ENISA has been engaging with stakeholders of personal data protection and privacy by means of the Annual Privacy Forum (APF), organised annually. APF18 takes place in Barcelona, Spain, on 13-14 June 2018 and it will be organized in collaboration with the Polytechnic University of Catalonia (UPC) and Telefónica. Additional information is available under

ENISA has been a long-standing contributor to EU policy on trust and security in the Digital Single Market as it regularly issues viable recommendations to shape technology according to data protection and privacy provisions, and addressing privacy and personal data protection requirements through technology. Recently, ENISA published suitable reports seeking to translate legal obligations into technical approaches, in particular regarding the security of personal data processing[1][2], privacy and data protection by design, Privacy Enhancing Technologies (PETs), personal data breach notifications, as well as proposing mechanisms for user empowerment (transparency and control) in digital environments.[3][4] 


For more information on policy work of ENISA regarding personal data protection and privacy, please contact:



Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:


We use cookies on our website to support technical features that enhance your user experience.
We also use analytics. To opt-out from analytics, click for more information.

I've read it More information