EU’s General Data Protection Regulation – Silence Before The Storm

Since its genesis, the General Data Protection Regulation (GDPR) has been winding its way through the long and arduous EU law-making process.  If you did not follow this process, here is your chance to catch up in a few minutes.  If you are on top of the process to date, check back in next week when we start exploring the major concepts of the GDPR.

Where Are Things Up To?

  • The legislative process kicked-off in November 2010 when the European Commission concluded that the EU Data Protection Directive needed revision as it was no longer keeping up with technological developments and globalization.
man with tablet
  • Things started to take shape in January 2012 when the Commission released its legislative proposal recommending that the Data Protection Directive be replaced by the GDPR.


  • The Commission’s proposal has since been put under the microscope by the European Parliament (which represents the EU citizens) and the Council of Ministers of the European Union (which represents the 28 EU member states) during their respective first readings in which they each adopted their own versions of the GDPR.
  • The EU Parliament released its preferred draft of the GDPR in March 2014. Council followed with its “general approach” (ie, a GDPR version signed-off by all 28 EU member states) in June this year which opened the door to the so-called “trilogues”.

  • As if that is not enough, the Article 29 Working Party and the EDPS have also weighed in on the process by issuing their opinions on how the GDPR should look like.  Helpfully though, the EDPS has released a side-by-side comparison of the four draft versions of the GDPR (including the drafts of the Commission, Parliament, Council and the EDPS) which is available in PC format and also as a mobile app.

The Trilogues

  • The “trilogues” are informal negotiations led by representatives of the EU Commission, Parliament and Council behind closed doors.  The aim is for the three institutions to agree a package of amendments acceptable to each of them.

  • The GDPR trilogues started in June and are scheduled to conclude in December.  Two of six scheduled meetings have taken place already but hardly any details have emerged.
presenting gdpr
  • If the institutions succeed in agreeing a final text of the GDPR during trilogue discussions, each of the three institutions has to formally approve such agreement and the GDPR will come into force after a two-year transitional period.  If the trilogues do not result in a compromise text being agreed, the proposal will enter the next reading stage and the legislative process could go on for much longer.

What Next?

Things have gone a bit quiet now due to the fact that the trilogues take place behind closed doors.  But this is the silence before the storm.  Come December, chances are we will finally know the details of the GDPR and things will move fast from there.  So, get up to speed with us by following our forthcoming analyses of the major concepts and provisions of the GDPR!

map of europe

Leave a Comment