The General Data Protection Regulation (GDPR) becomes enforceable from 25 May 2018 with the intention of strengthening and unifying data protection for all individuals within the EU. Sanctions for data breaches are as much as €20million or up to 4% of a company’s annual worldwide turnover.
Practically, it strengthens the requirement for consent prior to any marketing contact for instance and means that personal data cannot be transferred to countries outside the EEA, unless they guarantee the same level of data protection.