GDPR Timeline: The Evolution of Data Security

May 9, 2018 · 3 min read

After years of stagnation, General Data Protections Regulation (GDPR) will be an absolute game changer for data security.

The past couple decades have seen our lives become infused with virtual marketplaces, SaaS services, and digital marketing practices…Yet the laws governing user privacy were written in the ’90s (in the European Union, at least).

Indeed, online security standards have remained woefully stagnant throughout technology’s rapid ascent. But, exponential progress in one field necessitates reactionary progress in others.

Enter: GDPR.

We’ve already detailed how GDPR is changing security measures and provided a brief “CliffNotes” of the essential need-to-knows.

The GDPR timeline explains why the game needed changing in the first place:

Look to the past

If GDPR is the sleek high-rise apartment building, Data Protection Directive 95/46/EC (DPD) is the rickety shack the city is knocking down to make space.

Passed in 1995, the DPD’s foundation isn’t actually too dissimilar to that of the GDPR, at least in theory. As the first major law to safeguard users’ online presence, the DPD focuses on familiar pillars such as consent and notification of data collection, transparency about data use, and the safety of said information.

That said, the DPD is more rubber than metal. The rules are somewhat ambiguous and not uniform across the EU. And, considering the overwhelming technological progress made this century, they’ve become particularly outdated.

Twenty three years outdated, in fact.

A brief GDPR timeline

1995: The EU adopts the DPD, and eventually signs it into law in 1998.

For the better part fifteen years, the DPD sits perched in EU law with little disturbance apart from the occasional minor amendment. Meanwhile, technology skyrockets, possibly too quickly for data safeguards to respond appropriately. Not until 2012 did serious conversations of fortifying online security emerge.

By 2014, a version of the GDPR is pushed forward by the European Parliament with overwhelming support.

Throughout 2015, GDPR slowly trudges through EU legislative stages until reaching full approval by December of that year.

2016: Both the Council of the EU and European Parliament adopt the updated regulation. They agree to allow two years on the GDPR timeline for businesses to adjust their practices accordingly.

May 25th, 2018: The proverbial D-day for GDPR compliance worldwide.

What will the future hold?

When GDPR becomes enforceable come May 25, don’t expect the world to turn on a dime. According to GDPR: Report, the arduous “journey” to full compliance may take up to five years for some companies.

Undoubtedly, there will be organizations who mistakenly shrug off GDPR and others who simply overlook security inadequacies. In short: prepare for growing pains.

To avoid the potential fines and penalties of GDPR noncompliance, make sure to stay in the know and consult your team’s legal experts.

On our end, we will continue publishing GDPR insight on our blog in the weeks to come, including an article on how Evercontact has reached compliance.

If you have any questions whatsoever about our approach to GDPR, please reach out to We’d love to hear from you!


Official Journal of the EU


GDPR: Report

Digital Guardian



IT Pro

Originally published at Blog | evercontact.


Written by

Never lose contact again. Let Evercontact keep your address book up-to-date, magically creating new contacts and updating existing ones.