EU Data Protection Directive (Directive 95/46/EC)

EU Data Protection Directive (also known as Directive 95/46/EC) is a regulation adopted by the European Union to protect the privacy and protection of all personal data collected for or about citizens of the EU, especially as it relates to processing, using or exchanging such data.

The EU Data Protection Directive is based on recommendations first proposed by the Organisation for Economic Co-operation and Development's (OECD). These recommendations are founded on seven principles:

• Subjects whose data is being collected should be given notice of such collection.
• Subjects whose personal data is being collected should be informed as to the party or parties collecting such data.
• Once collected, personal data should be kept safe and secure from potential abuse, theft, or loss.
• Personal data should not be disclosed or shared with third parties without consent from its subject(s).
• Subjects should granted access to their personal data and allowed to correct any inaccuracies.
• Data collected should be used only for stated purpose(s) and for no other purposes.
• Subjects should be able to hold personal data collectors accountable for adhering to all seven of these principles.

The Data Protection Directive is superseded by the General Data Protection Regulation (GDPR), which was adopted by the European Parliament and European Council in April 2016 and will become enforceable in May 2018. The new regulation expands upon previous requirements for collecting, storing and sharing personal data and requires the subject's consent to be given explicitly and not checked off by default.