Rapid technological developments and globalisation have brought new challenges for the protection of personal data. The scale of the collection and sharing of personal data has increased significantly since 1995: people are posting to social media, blogging, shopping online, using mobile applications, to be concise sharing their personal information with companies and other people all over the world.
The world has changed significately in past 23 years, consequently it become necessary to establish stronger and more coherent data protection framework in the EU. The General Data Protection Regulation (EU) 2016/679 (GDPR) has goal to harmonize data protection rules across the EU, in place of the fragmented data protection system which varied quite widely between member states, as each had differently implemented the Directive 95/46/EC (the Data Protection Directive) which was on force until 25 May 2018. As an EU Regulation, no local law implementation is required to adopt the GDPR, which applies directly in each member state. Before implemetation of GDPR in EU existed 28 different laws on data protection, so some cases were subjeced to different interepretatios in various states.
The GDPR reduces the ability of individual member states each creating their own slightly different version of it. However, national variations will persist in some areas (e.g. national security and investigations into criminal offences, processing of employee data and processing for archiving, scientific or historical research and statistical purposes).