Companies in Europe will have to comply with updated rules on data protection from next May, when the General Data Protection Regulation (GDPR) will start to apply .
The new regulation will update the 1995 Data Protection Directive — introduced at a time when the digital age was in its infancy — and will impact both citizens and businesses. Giovanni Buttarelli, the European data protection supervisor, told CNBC in an interview that it was "time for a new culture in terms of data protection.".
The changes that will come with the GDPR are significant. Among other things, it will boost people's right to be forgotten and guarantee free, easy access to personal data.
Organizations and businesses will also have to inform people about data breaches that could negatively impact them, and do this "without undue delay. " Relevant data protection supervisory authorities also need to be informed.
The European Commission (EC) has said that a new single law on data protection will replace "the current inconsistent patchwork of national laws. " Businesses, it says, will be able to deal with one law rather than 28, with the financial benefits estimated at 2.
3 billion euros ($2.