After over 15 years of discussions and negotiation, the European Union (EU) released the Data Protection Directive (Directive 95/46/EC) in 1995. Considered the first formal data protection policy, the directive regulated the processing of personal data for all the EU citizens and applied to companies outside the EU region that processed data for EU residents. In April 2016, the EU Parliament approved the General Data Protection Regulation (GDPR) to replace the Data Protection Directive to strengthen and unify data protection for all individuals within the EU and address the export of personal data externally.