Marking 10 years of the GDPR: the evolution of the European data protection landscape

01 June 2026

27  April 2026 marked the 10th anniversary of the GDPR’s adoption, the first comprehensive data protection framework spanning an entire continent, establishing clear rights for individuals and obligations for organisations across Europe.

The GDPR led to the establishment of the European Data Protection Board (EDPB) on 25 May 2018, replacing the Article 29 Working Party that was previously in charge of dealing with issues relating to the protection of personal data.

The GDPR gave the Data Protection Authorities (DPAs) stronger enforcement powers and expanded the scope of their work from focusing mainly on national compliance complaints to routinely dealing with cross-border cases.

In the past 10 years, the 31 European DPAs comprising the EDPB and the IDPC have worked together to ensure the consistent enforcement of the GDPR and a harmonised data protection approach across Europe.  

Today, the GDPR is part of a broader and evolving European digital framework, alongside other digital laws such as the Digital Services Act, the Digital Markets Act, and the AI Act. In a world shaped by artificial intelligence, platform economies, and increasing data-driven innovation, the GDPR ensures that technological progress goes hand in hand with the protection of individuals’ fundamental rights.

Read more here