The EU adopted new legislation on data protection on Thursday that could give people more control over their personal information including the right to be forgotten online.

The European Union’s General Data Protection Regulation (GDPR) passed on April 14 in Strasbourg after more than four years of negotiations.

It aims to give citizens back control over their data. It also means companies could face huge fines for breaching the new law.

Why did the EU want a new law?

The regulation is to replace the EU data protection directive which dates from 1995, when the internet was still in its infancy.

It intends to protect consumers and improve law for businesses in a digitised word of smart phones, social media, internet banking and global transfers.

Under the new law, companies will now have to take the issue of data protection much more seriously while the rights of individuals will be improved in the new digital age.

How will companies be held into account?

Data protection errors will be far more expensive than before.

Companies that do not comply with the strict new requirement will face fines of up to 4 per cent of their global revenue for the previous year, or €20 million (£15.8m) depending on which is greater.

In the UK, the maximum current penalty stands at about £500,000, according to Steven Lorber, a consultant partner at Lewis Silkin law firm, who specialises in data protection.

(Eurobarometer)

Businesses will have to appoint a special data protection officer if they are handling significant amount of sensitive data or monitoring the behaviour of many consumers. Under the new legislation firms must keep track of personal data in auditable ways and provide breach notification within 72 hours.

“The first mistake that organisations made is to assume this is just an IT issue, it’s not. It is a very significant business risk and needs to be dealt with at senior leadership level,“ Andrew Rogoyski, vice president of cyber security services at CGI, told the Independent.

Mr Rogoyski said that one of the biggest risks facing organisations is reputational damage. "In world where information is the most valuable currency, maintaining customer trust will be key to ensuring business success. Businesses which can’t get data protection right will quickly undermine customers’ trust and lose to the competition," he said.

"Now the starting gun has fired, companies have two years to get their handling of personal data into order or they face the possibility of punitive fines and public humiliation. We’re already receiving requests from clients to undertake work to assess the impact of the [General Data Protection Regulation] on them,” he added.

Gadget and tech news: In pictures Show all 25 1 /25 Gadget and tech news: In pictures Gadget and tech news: In pictures Gun-toting humanoid robot sent into space Russia has launched a humanoid robot into space on a rocket bound for the International Space Station (ISS). The robot Fedor will spend 10 days aboard the ISS practising skills such as using tools to fix issues onboard. Russia's deputy prime minister Dmitry Rogozin has previously shared videos of Fedor handling and shooting guns at a firing range with deadly accuracy. Dmitry Rogozin/Twitter Gadget and tech news: In pictures Google turns 21 Google celebrates its 21st birthday on September 27. The The search engine was founded in September 1998 by two PhD students, Larry Page and Sergey Brin, in their dormitories at California’s Stanford University. Page and Brin chose the name google as it recalled the mathematic term 'googol', meaning 10 raised to the power of 100 Google Gadget and tech news: In pictures Hexa drone lifts off Chief engineer of LIFT aircraft Balazs Kerulo demonstrates the company's "Hexa" personal drone craft in Lago Vista, Texas on June 3 2019 Reuters Gadget and tech news: In pictures Project Scarlett to succeed Xbox One Microsoft announced Project Scarlett, the successor to the Xbox One, at E3 2019. The company said that the new console will be 4 times as powerful as the Xbox One and is slated for a release date of Christmas 2020 Getty Gadget and tech news: In pictures First new iPod in four years Apple has announced the new iPod Touch, the first new iPod in four years. The device will have the option of adding more storage, up to 256GB Apple Gadget and tech news: In pictures Folding phone may flop Samsung will cancel orders of its Galaxy Fold phone at the end of May if the phone is not then ready for sale. The $2000 folding phone has been found to break easily with review copies being recalled after backlash PA Gadget and tech news: In pictures Charging mat non-starter Apple has cancelled its AirPower wireless charging mat, which was slated as a way to charge numerous apple products at once AFP/Getty Gadget and tech news: In pictures "Super league" India shoots down satellite India has claimed status as part of a "super league" of nations after shooting down a live satellite in a test of new missile technology EPA Gadget and tech news: In pictures 5G incoming 5G wireless internet is expected to launch in 2019, with the potential to reach speeds of 50mb/s Getty Gadget and tech news: In pictures Uber halts driverless testing after death Uber has halted testing of driverless vehicles after a woman was killed by one of their cars in Tempe, Arizona. March 19 2018 Getty Gadget and tech news: In pictures A humanoid robot gestures during a demo at a stall in the Indian Machine Tools Expo, IMTEX/Tooltech 2017 held in Bangalore Getty Gadget and tech news: In pictures A humanoid robot gestures during a demo at a stall in the Indian Machine Tools Expo, IMTEX/Tooltech 2017 held in Bangalore Getty Gadget and tech news: In pictures Engineers test a four-metre-tall humanoid manned robot dubbed Method-2 in a lab of the Hankook Mirae Technology in Gunpo, south of Seoul, South Korea Jung Yeon-Je/AFP/Getty Gadget and tech news: In pictures Engineers test a four-metre-tall humanoid manned robot dubbed Method-2 in a lab of the Hankook Mirae Technology in Gunpo, south of Seoul, South Korea Jung Yeon-Je/AFP/Getty Gadget and tech news: In pictures The giant human-like robot bears a striking resemblance to the military robots starring in the movie 'Avatar' and is claimed as a world first by its creators from a South Korean robotic company Jung Yeon-Je/AFP/Getty Gadget and tech news: In pictures Engineers test a four-metre-tall humanoid manned robot dubbed Method-2 in a lab of the Hankook Mirae Technology in Gunpo, south of Seoul, South Korea Jung Yeon-Je/AFP/Getty Gadget and tech news: In pictures Waseda University's saxophonist robot WAS-5, developed by professor Atsuo Takanishi Rex Gadget and tech news: In pictures Waseda University's saxophonist robot WAS-5, developed by professor Atsuo Takanishi and Kaptain Rock playing one string light saber guitar perform jam session Rex Gadget and tech news: In pictures A test line of a new energy suspension railway resembling the giant panda is seen in Chengdu, Sichuan Province, China Reuters Gadget and tech news: In pictures A test line of a new energy suspension railway, resembling a giant panda, is seen in Chengdu, Sichuan Province, China Reuters Gadget and tech news: In pictures A concept car by Trumpchi from GAC Group is shown at the International Automobile Exhibition in Guangzhou, China Rex Gadget and tech news: In pictures A Mirai fuel cell vehicle by Toyota is displayed at the International Automobile Exhibition in Guangzhou, China Reuters Gadget and tech news: In pictures A visitor tries a Nissan VR experience at the International Automobile Exhibition in Guangzhou, China Reuters Gadget and tech news: In pictures A man looks at an exhibit entitled 'Mimus' a giant industrial robot which has been reprogrammed to interact with humans during a photocall at the new Design Museum in South Kensington, London Getty Gadget and tech news: In pictures A new Israeli Da-Vinci unmanned aerial vehicle manufactured by Elbit Systems is displayed during the 4th International conference on Home Land Security and Cyber in the Israeli coastal city of Tel Aviv Getty

What are my rights?

The new rules will essentially give individuals greater control over their personal data.

Among other things, you will have the right to:

“Be forgotten”: This means that when an individual will no longer want his data to be processed, provided there are no legitimate reasons for retaining it, he can ask his company to erase it. This extends to internet companies storing our data, so someone could now technically ask Facebook to erase its profile along with all the data that it has gathered while you were using it.

Mr Rogoyski said that one of the biggest changes proposed in the new regulation is the the increased transparency of how personal data is being used by organisations.

The regulation puts onus on businesses and public bodies to notify users about how their personal information is being collected, stored and shared.

"This will have a profound effect on data processors operating in Europe, forcing them to take toucher measures for data protection and controls, including stricter privacy assessments and data management rule," Rogoyski said.

“Be notified”: Companies must notify individuals earlier and in a much more comprehensive manner if they process their data.

“Switch one’s personal data to another service provider”: Under the new rules, any person will have the right to “data portability” to make it easier for individuals to switch their personal data between service provider.

For instance, it should allow a user to switch to another email provider without losing contacts or previous emails. It will not only give individuals more control over their data, but also stimulate competition in the digital single market, according to the EU’s statement.

Who is affected by the new EU data protection rules?

Any individual who uses the web, has a social network account or email address.

Managers, heads of IT and any other staff responsible for data protection within a company should pay attention.

More importantly, the rule applies to all companies conducting business in Europe regardless of where the companies are based. This means a single set of rule will replace the current patchwork of national laws, making clearer both for businesses and consumers.

"The approach of the GDPR provides a risk based application of a "one size fits all" set of rules across the EU and recognises the different levels of privacy risk associated with SMEs and large global organisations. Privacy will be catapulted up the list of global organisations’ enterprise risks, requiring them to re-evaluate take action," said Mark Thompson, privacy lead in KPMG's cyber security practice.

“For non-EU businesses that trade in the EU, this agreement will require some to re-think some of the activities they carry out in the EU. This makes it much harder to operate certain “global” services and will require them to truly put an EU lens on the business activities which are undertaken in the EU market," Thompson added.

What is the timeframe?

The law passed on Thursday 14 April, marking the end of the legislative procedure.

The regulation will enter into force 20 days after its publication in the EU Official Journal. Its provisions will be directly applicable in all member states two years.