What replaced the EU Data Protection Directive in May 2016?

The General Data Protection Regulation (GDPR) replaced the EU Data Protection Directive in May 2016. This regulation was designed to strengthen data protection for individuals within the European Union and the European Economic Area, providing a comprehensive framework for data privacy. Unlike the previous directive, which primarily set out minimum standards for data protection that EU member states were required to implement in their national law, the GDPR is directly applicable in all member states, allowing for a more uniform application of data protection rules across the EU.

The GDPR emphasizes the rights of individuals, such as the right to access their personal data, the right to data portability, and the right to erasure (also known as the 'right to be forgotten'). It also imposes stricter obligations on organizations that handle personal data, including requirements for consent, data breach notifications, and data protection impact assessments. This comprehensive approach reflects the growing importance of personal data privacy in the digital age and aims to provide individuals with stronger control over their personal information.