All information here was borrowed from the GDPR website https://eugdpr.org

Although Directive 95/46/EC was meant to bring together the laws of different member states, it was still a directive, which left some room for interpretation during the transposition into individual national law. This fact, along with todays rapidly changing data landscape, has led to the necessity for another update to the regulatory environment of the EU. The incoming GDPR is a much larger piece of legislation and the changes it brings, along with the impacts it will have among businesses, can be found in our key points summary here. Most importantly, as a regulation and not a directive, it will become immediately enforceable law in all member states.

The main principles on privacy are still true to form with both the previous directive and the OECD guidelines, however, social media and cloud storage were not a reality in 1995 as only about 1% of the European population was using the internet. With modern technology, we are creating more personal data than ever before, and the processing of that data has become ubiquitous. The GDPR is meant to update the standards to fit todays technology while remaining general to simply protect the fundamental rights of individuals throughout future waves of innovation.