The European Parliament has given final approval to new General Data Protection Regulation (GDPR) legislation, which aims to update and harmonise procedures across the continent.

Lawmakers voted through the proposals on Thursday, four years after work to overhaul EU data protection rules began.

The GDPR replaces the current data protection directive, which dates back to 1995.

There are several key changes, including the introduction of a user’s right to be forgotten, the need for "clear and affirmative consent" to the processing of private data by the person concerned and privacy policies that are explained in “clear and understandable language”.

Users now have the right to know when their data has been hacked as well as the right to transfer data to another service provider.

Companies must appoint a data protection officer, while those who break the rules are liable to fines that can be up to four percent of total worldwide annual turnover.

Jan Philipp Albrecht, who steered the legislation through Parliament, said: "The general data protection regulation makes a high, uniform level of data protection throughout the EU a reality.

“This is a great success for the European Parliament and a fierce European 'yes' to strong consumer rights and competition in the digital age.”

The regulation will enter into force 20 days after its publication in the EU Official Journal, with Member States required to add it their national laws within two years.

There are three exceptions.

The rules will only apply “to a limited extent” in the UK and Ireland due to their special status regarding justice and home affairs legislation.

Denmark has six months after the final adoption of the directive to decide if it wants to implement the regulation in its national law.

John Giusti, Chief Regulatory Officer of the GSMA, welcomed the decision but warned: “It is now up to European data privacy regulators to work together to ensure that the GDPR rules are implemented in a way that supports economic growth and improved competitiveness.

“Regulators will need to exercise particular care in interpreting GDPR requirements – around consent, profiling, pseudonymous data, privacy impact assessments and transfers of data to third countries – to avoid stifling innovation in the digital and mobile sectors.”

Giusti and others also warned that the 2002 e-Privacy Directive, which is part of the GDPR, needs more reform.

This Directive concerns the processing of data to prevent, investigate, detect or prosecute criminal offences or enforce criminal penalties.

The European Telecoms Network Operators Association said: “Provisions overlapping with the GDPR should be removed and we should promote a consistent set of protection standards for consumers, while ensuring that all players can innovate.”

More News

Smartphone sales rise in Western Europe as Samsung and Huawei drive demand Smartphone sales rise in Western Europe as Samsung and Huawei drive demand Smartphone sales in Western Europe grew in the second quarter of 2017 on the back of demand for new flagship devices, new research has found. More detail
Telenor names new HR head as Haug departs Telenor names new HR head as Haug departs Telenor’s Chief People Officer is leaving the company after five years in the role. More detail
EE TV adds voice commands through Amazon Alexa EE TV adds voice commands through Amazon Alexa EE TV customers will be able to control their set-top boxes through voice commands after the UK operator added support for the Amazon Alexa virtual assistant. More detail
Swisscom toasts profitable second quarter Swisscom toasts profitable second quarter Swisscom reported a 10 percent rise in net profits in the second quarter and upped its EBITDA guidance for the year. More detail
KPN buys IT firm in healthcare push KPN buys IT firm in healthcare push KPN has acquired an IT services provider as it looks to strengthen its offering to the healthcare and public sector markets in the Netherlands. More detail