The legal consequences for institutions. The aim of this study is to set out the new legal framework that has appeared in the European Union following the repealing of the 1995 European Directive on Data Protection on approving the new and significant General Data Protection Regulation (GDPR). This study provides an overview and a more detailed examination of the topic, based on an analysis of the legal framework established by the Directive in 1995 and the regulation proposals of 2012 that emerged in Europe and in the United States, followed by a study of the principal reforms contained in the GDPR of 2016. The study is concluded by identifying the most significant practical applications. The GDPR implies very important new rules that will be applied across the EU and that will directly affect every Member State. Furthermore, its aim is to overcome the existing fragmented regulations and to modernise the principles of privacy in the European Union. The practical and social implications of the GDPR are very significant as it constitutes a single and updated set of rules applicable in the whole of the EU and for all the data processing of European citizens.