The European Union’s new data protection rules come into force on May 25. The aim of the General Data Protection Regulation (GDPR), adopted two years ago, is to protect all EU citizens from privacy and data breaches in an increasingly data-driven world, while creating a clearer and more consistent framework for businesses.

Now, citizens have to give their “clear and affirmative consent” for their data to be processed. They also have the right to receive clear and understandable information about who is processing the data, what data and why.

Also, citizens have “the right to be forgotten”. This means that a citizen can ask for his/her data to be deleted.

The new rules apply to all companies operating in the EU, even if these companies are based outside of the EU.

“With the General Data Protection Regulation, the European Union sets a global standard and ensures that fundamental rights, consumer protection and fair competition are strengthened,” said Rapporteur Jan Albrecht (Greens/EFA, DE). “For the first time, the same high level of data protection rules apply to everyone in the European Union; the new EU-wide rules replace a patchwork of 28 different national regulations.”