The rules aim to protect all EU citizens from privacy and data breaches in an increasingly data-driven world, while creating a clearer and more consistent framework for businesses.
The General Data Protection Regulation has replaced the EU data protection directive, which dates back to 1995. The GDPR was adopted in April 2016 as part of a wide-ranging reform package, which also includes a directive on data processing for law enforcement purposes. A set of new rules on e-Privacy is also currently being considered.
With the General Data Protection Regulation, the European Union has set a global standard and ensured that fundamental rights, consumer protection and fair competition are strengthened. For the first time, the same high level of data protection rules applies to everyone in the European Union; the new EU-wide rules replace a patchwork of 28 different national regulations.
The new rules apply to all companies operating in the EU, even if these companies are based outside of the EU.
Furthermore, it will be possible to impose corrective measures, such as warnings and orders, or fines on firms that break the new rules. The maximum ceiling for fines in the most serious infringement cases is 4% of the company’s total worldwide annual turnover.