The European Commission has warned member states to make sure their national laws are in line with the new General Data Protection Regulation (GDPR) that will come into effect in May.

The GDPR governs the privacy practices of companies handling EU citizens’ data. Its aim is to give control back to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.

There are potentially huge fines for firms that don’t abide by the new rules.

“In today’s world, the way we handle data will determine to a large extent our economic future and personal safety. We need modern rules to respond to new risks, so we call on EU governments, authorities and businesses to use the remaining time efficiently and fulfil their roles in the preparations for the big day,” said Vera Jourova, European Commissioner for justice, consumers and gender equality.

According to the European Commission, only Germany and Austria have passed all the necessary legislation needed to bring national laws into step with the new EU-wide regulations.

As reported by the Irish Times, the Commission, which is providing €1.7m to fund data protection authorities ahead of the introduction of GDPR, has urged member states to ensure relevant bodies are equipped with the necessary resources.

The Commission has also set aside another €2m to assist small and medium-sized businesses in ensuring they are compliant with the new rules. On January 24, it also launched a new online tool to help companies prepare for GDPR.