On 14 April 2016 the European Parliament voted in favour of the new General Data Protection Regulation ("GDPR"), which will replace current EU data protection legislation:

http://europa.eu/rapid/press-release_STATEMENT-16-1403_en.htm

Amongst other things, it is intended that the GDPR will:

  • harmonise the national data protection legislation of the 28 EU Member-States;
  • allow the digital economy to develop across the single market;
  • put individuals in control of their own data; and
  • reinforce legal and practical certainty for economic operators and public authorities.

This legislation has significant implications, not least as it will have extraterritorial effect and data protection authorities will have the power to issue non-compliant companies with fines of up to 4% of global annual turnover.