At present, a company, either small/medium enterprise or huge corporation, develops its activities within a competitive environment where solely the perspicacious one could gain a profit and hold or improve its positions on the market. Therefore, “firms increasingly buy all or at least parts of selected services they need from external service providers. This is especially true for services which rely to a great extent on new information and communication technologies and they carry out that task by means of outsourcing. The aim of the present research is to examine how a premature termination of a business process outsourcing project (hereafter BPO) might infringe upon several major provisions of the current EU data protection framework. Such a question is relevant because of the technological means inherent in a BPO through which personal data are being processed, and of the great possibility for unlawful data processing after a premature termination of the project. Therefore, a BPO falls under the scope of regulation by Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data. Ultimately, as the research will show, the DPD 95/46/EC as a legal instrument devoted to protect the right to personal data protection turns to be unable to provide sufficient protection on the data subjects’ rights in the context of prematurely terminated BPO contract. Therefore, the Proposed Data Protection Regulation represents an instrument that could deal properly with the said issue, especially if some proposals for amendments made within the present paper be taken into account.