EU Justice Commissioner Viviane Reding, the Commission’s Vice President, said, "Seventeen years ago, less than 1% of Europeans used the Internet. Today, vast amounts of personal data are transferred and exchanged, across continents and around the globe in fractions of seconds. The protection of personal data is a fundamental right for all Europeans, but citizens do not always feel in full control of their personal data."

"My proposals will help build trust in online services because people will be better informed about their rights and in more control of their information. The reform will accomplish this while making life easier and less costly for businesses. A strong, clear and uniform legal framework at EU level will help to unleash the potential of the Digital Single Market and foster economic growth, innovation and job creation," she added.


Key changes in the reform include:

• A single set of rules on data protection, valid across the EU. Unnecessary administrative requirements, such as notification requirements for companies, will be removed. This will save businesses around €2.3 billion a year.
• Instead of the current obligation of all companies to notify all data protection activities to data protection supervisors—a requirement that has led to unnecessary paperwork and costs businesses €130 million per year—the regulation provides for increased responsibility and accountability for those processing personal data.
• Companies and organisations must notify the national supervisory authority of serious data breaches as soon as possible (if feasible within 24 hours).
• Organisations will only have to deal with a single national data protection authority in the EU country where they have their main establishment. Likewise, people can refer to the data protection authority in their country, even when their data is processed by a company based outside the EU. Wherever consent is required for data to be processed, it is clarified that it has to be given explicitly, rather than assumed.