In some Member States the protection of personal data has already been regulated a while ago. In 1970 the world's first data protection law came into effect in Hessen (Germany). In all Member States of the European Union, national data protection laws apply until 24 May 2018. By means of those the EU Directive 95/46 / EC was implemented. The current rules provide natural persons with a certain - but not sufficient - protection from the missuse of the personal data concerning him or her. This is why the General Data Protection Regulation enters into force on May 25, 2018.

The Union legislator grants fundamental rights protection the individual whose personal data are processed, Art. 8 the Charta of Fundamental Rights. However, in some Member States  had been already recognized before the entry into force of the Charter. The basic right to self-determination in the Federal Republic of Germany was defined by the Federal Constitutional Court already in 1983, which derived it from Art. 1 (1), 2 (1) of the Constitution (1). It should now be indisputable that personal data must be adequately protected.