Advice to Archives arising from "E-ARK Legal Issues Report: European Cultural Preservation in a Changing Legislative Landscape"

David Anderson, Janet Anderson

Research output: Other contribution


The adoption by the EU of the Data Protection Directive (95/46/EC) marked a pivotal moment in the history of European personal data protection. Two decades later, the fundamental principles around which the Directive was structured continue to be relevant, but the ever-increasing pace of technological change, and globalisation have undoubtedly presented challenges for data protection that the original Directive is ill-equipped to address. The world of the early 21st Century is the world of social networking, apps, cloud computing, location-based services and smart cards. It is almost impossible for individual citizens to go about their daily business, or to buy goods and services without leaving digital footprints. Without effective control over how this information is stored and used, the potential for adverse consequences is obvious.With the introduction of the “General Data Protection Regulation”[1], the European Commission has modernised the EU legal system for the protection of personal data. One of the key policy objectives behind the revisions was to make more consistent the implementation and application of the protection of personal data in all areas of the Union's activities. Anticipated benefits included the strengthening of the rights of individuals, reduced administrative overhead, and an improved flow of personal data within the EU and beyond.The new regime introduces new concepts, and revises the understanding of those drawn from earlier data protection regulation. Not everything has changed, but a great deal has, and nothing should be taken for granted. In the E-ARK deliverable D2.2 “E-ARK Legal Issues Report: European Cultural Preservation in a Changing Legislative Landscape”[2], readers will find a section by section comparison of the existing regulation with the text of the GDPR. The purpose of the current document is to supplement that analysis with a very abbreviated set of discrete recommendations targeted, primarily, at the archives community.In this report suggestions are made under five key areas: The Obligations and Liabilities of Data ControllersConsentPersonal Data Breach NotificationTransfers of personal dataLegal enforcement & PenaltiesWhere advice is offered, it is couched in terms of: What one should Ensure happens, What one should Monitor, What one should Consider [1] Regulation (EU) 2016/679[2] Available from the E-ARK website at
Original languageEnglish
TypeProject deliverable
Publication statusPublished - 9 Feb 2018


  • GDPR


Dive into the research topics of 'Advice to Archives arising from "E-ARK Legal Issues Report: European Cultural Preservation in a Changing Legislative Landscape"'. Together they form a unique fingerprint.

Cite this