Skip to main content

Know your rights

Everyone has the right to

  • the protection of personal data concerning him or her

  • access to data which has been collected concerning him or her, and the right to have it rectified

This right is enshrined in article 8 of the Charter of Fundamental Rights.

    What to do if your rights have been breached

    The authorities of EU countries are bound to comply with the Charter of fundamental rights only when implementing EU law. Fundamental rights are protected by your country's constitution.

    EU-level data protection bodies

    The regulation on the protection of individuals with regard to the processing of personal data by EU institutions established a European data protection supervisor (EDPS). The EDPS is an independent EU body responsible for monitoring the application of data protection rules within European Institutions and for investigating complaints.

    The European Commission has appointed a data protection officer who is responsible for monitoring and the application of data protection rules in European institutions. The data protection officer independently ensures the internal application of of data protection rules in cooperation with the European data protection supervisor.

    What the Commission is doing to protect your rights


    The European Commission put forward its EU Data Protection Reform in January 2012 to make Europe fit for the digital age. More than 90% of Europeans say they want the same data protection rights across the EU – and regardless of where their data is processed.

    The regulation is an essential step to strengthen citizens' fundamental rights in the digital age and facilitate business by simplifying rules for companies in the digital single market. A single law will also do away with the current fragmentation and costly administrative burdens, leading to savings for businesses of around €2.3 billion a year.

    The directive for the police and criminal justice sector protects citizens' fundamental right to data protection whenever personal data is used by criminal law enforcement authorities. It will in particular ensure that the personal data of victims, witnesses, and suspects of crime are duly protected and will facilitate cross-border cooperation in the fight against crime and terrorism.

    On 15 December 2015, the European Parliament, the Council and the Commission reached agreement on the new data protection rules, establishing a modern and harmonised data protection framework across the EU. The European Parliament's Civil Liberties committee and the Permanent Representatives Committee (Coreper) of the Council then approved the agreements with very large majorities. The agreements were also welcomed by the European Council of 17-18 December as a major step forward in the implementation of the Digital single market strategy.

    On 8 April 2016 the Council adopted the regulation and the directive. On 14 April 2016 they were adopted by the European Parliament. On 4 May 2016, the official texts were published in the EU Official Journal in all the official languages. The regulation came into force on 24 May 2016 and will apply from 25 May 2018. The directive entered into force on 5 May 2016 and EU countries have to transpose it into their national law by 6 May 2018.

    Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.

    Directive (EU) 2016/680 on the protection of natural persons regarding processing of personal data connected with criminal offences or the execution of criminal penalties, and on the free movement of such data.


    Citizens, Equality, Rights and Values programme (CERV)


    4 MAIO 2017
    EU Charter of Fundamental Rights infograph - where to go in case of breach?
    (289.74 KB - PDF)