Incorporation of the General Data Protection Regulation (GDPR) into the EEA Agreement and continued application of Directive 95/46/EC

Published 05-06-2018
The General Data Protection Regulation (GDPR) (EU) 2016/679 entered into force in the EU on 25 May 2018.

A lot of work has been undertaken in recent months to ensure its timely incorporation into the EEA Agreement. A Joint Committee Decision (JCD) incorporating the GDPR was adopted by the EEA Joint Committee on 6 July 2018 and is expected to enter into force in the EEA EFTA States in mid-July 2018.

Until then the Data Protection Directive 95/46/EC remains applicable in the EEA Agreement thus ensuring that data can continue to flow freely between the EEA EFTA States and the EU Member States.

For more information about how EU acts become EEA acts, please see a note by Subcommittee V on ‘How EU acts become EEA acts and the need for adaptations’.

In addition to the adoption of a JCD incorporating the GDPR into the EEA Agreement, the national parliaments of the EEA EFTA States need to amend national legislation in accordance with the rules of the GDPR.

Once parliamentary approval has been given by all three national Parliaments (fulfilment of constitutional requirements) and the JCD has been incorporated into the EEA Agreement, the GDPR becomes applicable throughout the EEA.

Read more on Data Protection here


Was the content helpful?