The European Union's new stronger, unified data protection laws, the General Data Protection Regulation (GDPR), will come into force on 25 May 2018, after more than six years in the making. GDPR will replace the current patchwork of national data protection laws, give data regulators greater powers to fine, make it easier for companies with a "one-stop-shop" for operating across the whole of the EU, and create a new pan-European data regulator called the European Data Protection Board. They state that data protection should be both by design and default in any operation. To ensure companies comply, GDPR also gives data regulators the power to fine up to €20m or 4% of annual global turnover, which is several orders of magnitude larger than previous possible fines. Data breaches must be reported within 72 hours to a data regulator, and affected individuals must be notified unless the data stolen is unreadable, ie strongly encrypted.

Source: The Guardian December 19, 2017 09:45 UTC