Last April, the European Parliament adopted the General Data Protection Regulation (GDPR).
It carries provisions that require businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states. The GDPR also regulates the exportation of personal data outside the EU. Companies that do business in EU countries or process the personal data of EU citizens must be in compliance by May 25, 2018. (For more detail on what the GDPR means to U.S. businesses, see “General Data Protection Regulation (GDPR) requirements, deadlines and facts.”)
The provisions are consistent across all 28 EU member states, which means that companies have just one standard to meet within the EU. However, that standard is quite high, and most companies will need to make a large investment to meet and administer it.
The GDPR contains 99 articles that define its requirements, the rights granted to EU citizens, GDPR operations and structure, and penalties.