62 IRINA ALEXE
the Right to respect for private and family life4, as well as the right to protection of
We showed in the introduction that the regulation itself does not constitute a
novelty in this field and that this establishes both provisions concerning protection
of natural persons with regards to personal data protection, and provisions
concerning the free flow of personal data. We should also mention that, from its
very first article, the Regulation institutes the rule according to which it „ protects
fundamental rights and freedoms of natural persons and in particular their right to
the protection of personal data”, but also the rule according to which “The free
movement of personal data within the Union shall be neither restricted nor
prohibited for reasons connected with the protection of natural persons with
regard to the processing of personal data”. The new Regulation has at its core these
two main fields which intertwine and between which it must exist proportionality
and a reasonable balance, in such a manner that the purpose of the Regulation to
be achievable. Besides, the regulation provides expressly in its preamble the fact
that the main goal it is to adapt and to update the principle and objectives
previously set by the directive, so as to put them in accordance with the
Taking into consideration the fact that the recent doctrine6 analysed the path
taken at the scale of the European Union’s institutions, from the Directive to the
Regulation, in order to regulate the protection of personal data7, we will not
further detail these aspects. We will emphasize nevertheless both general and
specific considerations which differentiate the Directive from the Regulation.
Hence, according to the provisions of art. 288 and 289 of TFEU, both the
directive and the Regulation are legislative acts adopted by the European
Parliament and by the Council of the European Union. Given that the directive is
mandatory for each recipient member state with regards to the expected result,
4 Please refer to the text of art.7 from the Charter of Fundamental Rights of the European Union.
5 Please refer to the text of art.8 from the Charter of Fundamental Rights of the European Union.
6 Please refer to, for example, I. Alexe, C. M. Banu, De la directiv la regulament în reglementarea
proteciei datelor cu caracter personal la nivelul Uniunii Europene, în I. Alexe, N. D. Ploeşteanu, D. M.
Şandru (coord.), Protecia datelor cu caracter personal, Ed. Universitar, Bucureşti, 2017, p. 14-40; N. D.
Ploeşteanu, A. Mariş, Viziunea Regulamentului general privind protecia datelor personale
679/2016(RGDP) într-o societate digital, în I. Alexe, N. D. Ploeşteanu, D. M. Şandru (coord.), op. cit, p.
77-127. For a detailed analysis on the powers and the role of the Data Protection Authorities: P. Schütz,
The Set Up of Data Protection Authorities as a New Regulatory Approach, în vol. S. Gutwirth, R.
Leenes, P. de Hert, Y. Poullet, (Eds.), European Data Protection: In Good Health?, Springer, 2012, p. 125.
7 According to the provisions of art.4 (1) of GDPR, ‘personal data’ means any information relating to
an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be
identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification
number, location data, an online identifier or to one or more factors specific to the physical, physiological,
genetic, mental, economic, cultural or social identity of that natural person;