This chapter analyses the core regulatory goals and instruments of EU data protection law comparing the starting point, the Data Protection Directive of 1995 (DPD), and the present General Data Protection Regulation of 2018 (GDPR). It highlights that the regulatory goals have been enlarged by consumer protection and fair competition, that the regulatory concept has integrated the risk-based approach, and that instruments of enforcement have been strengthened. Overall, however, global digitality has made data protection law more important than ever.