As technology evolves and is increasingly relied upon, we consequently live in an increasingly data-driven world.  This widespread use of technology and data-driven content is very different from the time when the old data protection legislation was established.  The potential for personal data abuse, theft, loss and privacy breaches is significantly higher than it was just a couple of decades ago and so the need for a solid data protection framework is now crucial.  Taking this into account, the aim of the European legislators was to provide a much more harmonised legal framework for data protection across the member states and to protect all EU citizens from privacy and data breaches.

In April 2016, the European Parliament and the Council adopted the General Data Protection Regulation (GDPR), which replaces the old legislation. GDPR is designed to benefit both individuals and organisations by increasing legal certainty, reducing the administrative burden and cost of compliance for organisations that are active in more than one member state and, importantly, enhance consumer confidence when using digital platforms or services.

Whilst the GDPR does build a more harmonized framework, it is likely that there will continue to be significant differences in data protection laws and enforcement practice across different borders.