In the UK, the primary legislation dealing with data protection is the Data Protection Act 1998 (‘the DPA’).

The DPA was enacted to bring British law into line with the EU Data Protection Directive of 1995, Directive 95/46/EC, (‘the Directive’) which regulates the processing of personal data within the European Union.

This Directive required Member States to protect people’s right to privacy with respect to the processing of personal data and is an important component of EU human rights law.


In 2018 a comprehensive reform of EU data protection law will take place when the General Data Protection Regulation, (‘GDPR’), comes into effect. This will replace the Directive and DPA and will strengthen the rights of individuals by introducing some fundamental changes to the way that organisations must handle and protect the data they process.

To find out more information about the GDPR click here.


In 2000 the EU and USA reached an agreement known as ‘Safe Harbour’. This was intended to ensure that personal data could be transferred from the EU to the US in compliance with the Directive. However, On 6 October 2015 the European Court of Justice ruled that Safe Harbour was invalid. This has profound implications for organisations transferring personal data between the USA and Europe.

To find out more information about Safe Harbour click here.


In February 2016, the European Commission and the United States agreed on a new framework to permit transatlantic transfers of personal data and replace Safe Harbour, called ‘Privacy Shield’. However, Privacy Shield is not a ‘done deal’. The European Parliament has made it clear that it has concerns about how the arrangement would work in practice.

To find out more information about Privacy Shield click here.

Don’t delay, call DataHelp now on 07902 395989 or use our contact form