The protection of personal data is regulated in the EU by national legislation wich is different in each Member State. To provide businesses and consumers with greater clarity, legal certainty and protection regarding the use and protection of private data, the EU set up the GDPR. This Regulation shall enter into force as from May 2018 in all EU Member States.
This regulation obliges companies to handle personal data with care in full compliance with European regula- tions as described in the GDPR. They need to identify wich personal data are stored and motivate why this is necessary. Each company must make a risk analysis for the storage and processing of personal data in its possession and must appoint responsibles for the storage and processing of this personal data. If personal data is compromised, the responsable must report this to the parties concerned and to a government organization designated for monitoring compliance with this reporting obligation.
Every European citizen must have the right to consult, modify, or even delete his or her personal data. For the storage and processing of personal data, citizens must now give explicit and demonstrable permission.