Privacy β or personal data protection β refers to the set of rules, principles and practices designed to guarantee respect for private life and individual control over personal data. It is now at the heart of digital transformation, the development of artificial intelligence and responsible data governance.
The General Data Protection Regulation (GDPR), applicable since 25 May 2018, is the cornerstone of data protection within the European Union. It governs the processing of personal data of European residents by all companies and public bodies, including those located outside the EU.
The GDPR introduced:
A logic of proactive accountability;
The obligation to document compliance;
Strengthened rights for individuals (access, rectification, erasure, portability);
Dissuasive sanctions of up to β¬20 million or 4% of global annual turnover.
Its purpose is twofold:
Return control of personal data to European citizens;
Harmonise protection rules to facilitate economic exchanges in the single market.
Since 2018, the European framework has expanded into a comprehensive data regulation ecosystem:
GDPR
Personal data protection
2018
Data Governance Act (DGA)
Facilitate secure sharing of public and private data
2022
Data Act
Guarantee portability and fair access to industrial data
2025
AI Act
Regulate the development, deployment and use of AI systems
2026
NIS 2 / Cyber Resilience Act
Strengthen the security of information systems and digital products
2024β2025
Adopted in 2024, the EU Artificial Intelligence Act (AI Act) establishes the first comprehensive legal framework for AI. It requires organisations to **do
Last updated
Was this helpful?
Was this helpful?
