Strengthening consumer confidence online is necessary for the development of a digital single market. This includes ensuring a high level of protection of privacy and personal data protection.

A proposal for a regulation on privacy and data protection in electronic communications was published on 10 January 2017 to update the existing 2002 legislation. The other measures include a regulation on the processing of data by the Union institutions. The intention is to ensure their adoption by 25 May 2018 when the GDPR will begin to apply to provide citizens, companies and institutions with a coherent legal framework.

The GDPR privacy regulation replaces Directive 2002/58 / EC (electronic privacy), as amended by Directive 2009/136 / EC, by providing for specific rules on the protection of personal data for electronic communications services.

In addition to a public consultation held in 2016, the Commission has adopted the Regulatory Framework (‘REFIT’) of the ePrivacy Directive. This assessment shows that while the principles of the 2002 Directive remain current, important technological and economic changes have taken place in recent years as consumers and businesses increasingly rely on new Internet-based services that allow communications such as voice over IP and web-based e-mail services (e.g., WhatsApp, Facebook); these “communication services” (“OTTs”) are not covered by this Directive.

Virtual Systems offers its clients:

  • training services for employees to meet the requirements of GDPR;
  • consulting services covering the performance of DPO’s duties;
  • cyber security company accompaniment with periodic IT security audits, risk assessment, threat intelligence, management recommendation for change, implementation of appropriate technical security solutions.

One of the main concepts in GDPR is the Continuity of training on topics related to regulatory compliance management .

The trainings are based on GDPR and all recommendations published in the Official Journal of the European Union in combination with many real implementations of personal data security management cases.


The protection of natural persons in relation to the processing of personal data is a fundamental right. Article 8(1) of the Charter of Fundamental Rights of the European Union (the ‘Charter’) and Article 16(1) of the Treaty on the Functioning of the European Union (TFEU) provide that everyone has the right to the protection of personal data concerning him or her.


The principles of, and rules on the protection of natural persons with regard to the processing of their personal data should, whatever their nationality or residence, respect their fundamental rights and freedoms, in particular their right to the protection of personal data. This Regulation is intended to contribute to the accomplishment of an area of freedom, security and justice and of an economic union, to economic and social progress, to the strengthening and the convergence of the economies within the internal market, and to the well-being of natural persons.


The processing of personal data should be designed to serve mankind. The right to the protection of personal data is not an absolute right; it must be considered in relation to its function in society and be balanced against other fundamental rights, in accordance with the principle of proportionality. This Regulation respects all fundamental rights and observes the freedoms and principles recognised in the Charter as enshrined in the Treaties, in particular the respect for private and family life, home and communications, the protection of personal data, freedom of thought, conscience and religion, freedom of expression and information, freedom to conduct a business, the right to an effective remedy and to a fair trial, and cultural, religious and linguistic diversity.


The economic and social integration resulting from the functioning of the internal market has led to a substantial increase in cross-border flows of personal data. The exchange of personal data between public and private actors, including natural persons, associations and undertakings across the Union has increased. National authorities in the Member States are being called upon by Union law to cooperate and exchange personal data so as to be able to perform their duties or carry out tasks on behalf of an authority in another Member State.


Rapid technological developments and globalisation have brought new challenges for the protection of personal data. The scale of the collection and sharing of personal data has increased significantly. Technology allows both private companies and public authorities to make use of personal data on an unprecedented scale in order to pursue their activities. Natural persons increasingly make personal information available publicly and globally. Technology has transformed both the economy and social life, and should further facilitate the free flow of personal data within the Union and the transfer to third countries and international organisations, while ensuring a high level of the protection of personal data.


Those developments require a strong and more coherent data protection framework in the Union, backed by strong enforcement, given the importance of creating the trust that will allow the digital economy to develop across the internal market. Natural persons should have control of their own personal data. Legal and practical certainty for natural persons, economic operators and public authorities should be enhanced.


Where this Regulation provides for specifications or restrictions of its rules by Member State law, Member States may, as far as necessary for coherence and for making the national provisions comprehensible to the persons to whom they apply, incorporate elements of this Regulation into their national law.


Timeline 2018

Application of new EU law


May 6                  Police Directive

May 9                  NIS Directive

May 25               GDPR and PNR Directive

June 2 * (April 1, 2018)  Portability Regulation

June 9                  Trade Secrets Directive

July 1                   Travel Directive

July 13 * (January 13, 2019)       Payment Services Directive 2 (PSD 2)

October 1           Insurance Distribution Directive

The Police Directive and proposed ePrivacy Regulation

DIRECTIVE (EU) 2016/680 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to theprocessing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data, and repealing Council Framework Decision 2008/977/JHA​

The New Police Directive aims at protecting the fundamental right to data protection whenever personal data is used by criminal law enforcement authorities. It is intended to ensure in particular, that the personal data of victims, witnesses, and suspects of crime are duly protected and to facilitate cross-border cooperation in the fight against crime and terrorism.

The Directive was initially proposed in 2012 as part of the data protection reform package launched by the EU Commission. The final text was adopted in April 2016 and published in the Official Journal of the EU on 4th May 2016, together with the General Data Protection Regulation (GDPR). EU Member States shall transpose the Directive in their national laws by 6th May 2018. The Directive repeals the Council Framework Decision 977/2008/JHA, which currently facilitates the exchange of information for Police and Judicial Cooperation.
Search Engine Optimization