The answer can be found a few decades back, looking into the history of data protection. This is the central theme of “GDPR codes of conduct and their (extra)territorial features: a tale of two systems” article written by Carl Vander Maelen, Academic assistant / Ph.D candidate of Law and Technology at the Ghent University. The author describes the transition from the 1995 Data Protection Directive towards GDPR and dives into the circumstances that enabled the shift between those two regulations.
Fast technical advances have pushed us to rethink how to handle personal data, so Mr. Maerlen’s article positions GDPR as the solution for the challenges arising from constant technological innovation.
While the European Union’s 1995 Data Protection Directive1 (hereafter: DPD or 1995 Directive) was an important regulatory innovation to create a data protection framework, it was drafted during a time when the data controller, data processor, data subject, and the means for data processing operations were usually located in the same country.” Carl Vander Maelen
Knowing the speed innovation can have, the regulation that followed the 1995 Data Protection Act had to be future-proof. Here at SCOPE Europe, we see how the GDPR is able to fulfill this need with the help of compliance tools, such as the EU Cloud CoC.
Read Carl Vander Maelen’s article here: academic.oup.com/idpl/advance-article-abstract/doi/10.1093/idpl/ipac018/6808916