In December 2015 the European Commission published a General Data Protection Regulation (GDPR) to replace the Data Protection Directive, which currently regulates the collection and use of personal data within the European Union (EU). The Data Protection Directive was enacted more than 20 years ago and was in dire need of updating to keep pace with developments in data collection and sharing practices, as well as the explosion of data security breaches. The GDPR will likely come into force in 2018, but its wide-ranging implications necessitate immediate attention from the business community not only in the EU but also on the global stage.
The key features of GDPR are summarized below.