Introduction of the Data Protection Directive As humanity has progressed, technology has had a huge impact on society for two centuries. In the last 20 years alone, our world has changed dramatically with the advent of the Internet. The ease of gathering information globally has led to the emergence of new laws aimed at protecting natural persons. Therefore, data protection is a third generation fundamental right included in the Charter of Fundamental Rights of the European Union, a legally binding document in the EU since the entry into force of the Treaty of Lisbon in December 2009. In Article 8 of the Charter it is established that personal data must be processed correctly and with the consent of the person concerned. The confidentiality of personal data has been a growing concern and in 1995 the EU adopted a Data Protection Directive (Directive 95/46/EC) which establishes extensive standards regarding the processing and free movement of personal data within the within the 15 Member States. The directive provides a framework that allows EU countries to adopt national laws to prevent the unauthorized dissemination of citizens' personal data. The directive has a dual objective: the protection of natural persons with regard to the processing of personal data and the free movement of such data. data . Member States must protect citizens' right to privacy regarding the processing of personal data. A series of definitions are outlined in the text of the directive: personal data refers to any information relating to a natural person (address, credit card number, medical record, etc.); The term processing refers to any set of operations performed on personal data, regardless of whether the processing is automated or not; The data controller is a natural... means of paper... or the risk of improper use of such data. Professor Spiros Simitis is often referred to as one of the fathers of data protection law in Europe based on his work on the German Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG). He expressed concern about the automated data collection process and possible situations where this data is incorrectly entered into the database which could have serious consequences when the information is used in another database or transferred to third parties. When information relating to a disease is lost during the automated process, the remaining data will include limited information relating to the data subject and therefore prevent the latter from receiving the necessary medical treatment. To prevent these types of risks, rules are in place to standardize the processing of extremely important data to avoid an inaccurate dataset.