In some Member States the protection of personal data was regulated very early on. The world’s first data protection law came into force in Hesse (Germany) in 1970. National data protection laws still apply in all current member states of the European Union up to and including May 24, 2018. These implement the EU directive 95/46/EG. The current regulations grant natural persons a certain – but not yet sufficient – protection against misuse of the personal data concerning them. Therefore, the General Data Protection Regulation applies from May 25, 2018.
The Union legislature also prominently grants the individual whose personal data is processed fundamental rights protection, Art. 8 GRCh. In some member states, however, this was already recognized before the Charter of Fundamental Rights came into force. The basic right to informational self-determination in the Federal Republic of Germany was created in 1983 by the Federal Constitutional Court, which derived it from Article 1(1), Article 2(1) of the Basic Law (1). It should now be undisputed that personal data must be adequately protected.