The European Commission's GDPR, which was adopted earlier in April and will start being enforced in 2018, is aimed at improving data handling and privacy for EU citizens (regardless of where they are based) and EU residents.

The GDPR represents a significant change for businesses, with failure to comply potentially resulting in penalties of EUR 20m or 4% of revenues (whichever is higher). 

Yet, to the consternation of businesses, there is continued ambiguity in the regulation. The 2 year grace period is therefore likely to be a dual process of understanding the rules correctly, then ensuring they are implemented.