As of today, the new EU-wide data protection rules are becoming applicable after a two year transition period. The reform is an essential step to strengthening citizens' fundamental rights in the digital age and facilitating business by simplifying rules for companies in the Digital Single Market.
On 6 April 2016, the EU agreed to a major reform of its data protection framework, by adopting the General Data Protection Regulation replacing the twenty years old Directive.
The Regulation updates and modernizes the principles enshrined in the 1995 Data Protection Directive to guarantee privacy rights. It focuses on reinforcing individuals' rights; strengthening the EU internal market; ensuring stronger enforcement of the rules; streamlining international transfers of personal data and setting global data protection standards.
The changes will give people more control over their personal data and make it easier to access it. They are designed to make sure that people's personal information is protected – no matter where it is sent, processed or stored – even outside the EU, as may often be the case on the internet.
For citizens, the reform provides tools for gaining control of one's personal data, the protection of which is a fundamental right in the European Union. The data protection reform will strengthen citizens' rights and build trust.
For businesses, the reform provides clarity and consistency of the rules to be applied, and restores trust of the consumer, thus allowing undertakings to seize fully the opportunities in the Digital Single Market.
The data protection reform is geared towards stimulating economic growth by cutting costs and red tape for European business, also for small and medium enterprises. By having one rule instead of 28, the EU's data protection reform will help SMEs break into new markets. In a number of cases, the obligations of data controllers and processors are calibrated to the size of the business and/or to the nature of the data being processed.