Data protection regulations will be strengthened in Europe in order to ensure people have more effective control of their personal data online.
This is the first major overall by the EU since 1995.
The reforms include a 'right to be forgotten', allowing citizens to delete their data from companies' computer systems, and a 'right to data portability', making it easier for citizens to transfer their personal data between service providers.
Businesses and organisations must obtain explicit consent from people before processing their data. They must also have exact data protection safeguards in place.
Individuals must be informed quickly about any data breaches that could adversely affect them. Companies which misuse customers' data will be fined up to 5% of their global turnover.
The new EU data protection legislation should replace the different laws of individual member countries. This means there will be one supervisory authority rather than 28. As a result, companies should find it easier to do business in the EU.
The European Consumer Organisation said most people are unaware that their rights are being violated “due to what are now everyday business practices”. Those who are aware have little ability to the collection and processing control of their data, including buying behaviour, social media use, political views, hobbies, financial data and health records.