On 15th December 2015, following three years of drafting and negotiations, the European Parliament and Council of the European Union reached an informal agreement on the EU General Data Protection Regulation (GDPR).
The aims of the GDPR are to reinforce data protection rights of individuals, facilitate the free flow of personal data in the digital single market and reduce the administrative burden. The GDPR replaces the 1995 General Data Protection Directive and applies directly to each of the 28 EU Member States.
On 14th April 2016, the Regulation and the Directive were adopted by the European Parliament. The new rules are applicable for two years.