Nowadays data has become one of the most important value which raises the question of protecting personal data. The European Union responds to the challenge by legal instruments: since 25 May 2018 it has been obligatory for the member states to apply GDPR. In the article, first I study the novelties of GDPR. Then I examine to what extent the provisions apply to libraries and archives.

The novelties can be divided into several larger groups. Some of them belong to the data subjects (data portability, right to be forgotten, pseudonymisation), the other parts are principles like data protection by design and by default or the closely related accountability principle. The Regulation also introduces a new legal institution, the data-protection impact assessment and requires the notification of personal data breach. Concerning the expected impacts, it is clear that the Regulation strengthens the rights of the data subjects but imposes new obligations on data controllers and strengthens the role of control. GDPR is a determinative law for the undertakings and business life, and it must also be applied by libraries and archives. For archiving purposes in the public interest, however, the Regulation allows for exemptions concerning libraries and archives. The provisions require libraries and archives to identify the risks that may occur while processing personal data as well as to examine their regulations.