In the next few months, the European institutions will adopt the final texts of the new rules on data protection in the European Union: a general data protection regulation and a Directive on the protection of data processed by police and criminal justice sector.
The rules of the regulation will be directly applicable by the member States, also to the companies based outside EU territory but operating in it, so that the discipline of this matter will be only one for the whole continent. Moreover, there will be a single supervisory authority.
The reform aims to give to the citizens the actual control on their data, by facilitating the their access and confirming the right of portability, the right to be forgotten and the right to be informed when the data are hacked.
Small and medium enterprises will be exempted from several formalities, such as the notification to supervisory authorities, and they will also be allowed to demand a reimbursement of the expenses incurred in processing applications for accesses that are manifestly unfounded or excessive.
On the other hand, the directive, aims to ease the cooperation between law enforcement and criminal justice authorities, obviously without waiving the protection of the data processed for their institutional purposes.
The directive, in fact, establish the principles of necessity, proportionality and legality with the appropriate safeguards to make them effective, also in the case where data have to be transferred to authorities outside EU.
The reform will probably come into force in 2018.