IOT: Powering the digital economy

Data protection in Europe is about to transform, and it could save businesses $2.7 billion a year

Data protection in Europe is about to transform
Data protection in Europe is about to transform

As the world becomes increasingly interconnected and people share their data on a colossal, unprecedented scale, the issue of data protection is becoming ever more important.

Data protection in the European Union is about to undergo a big shake-up. Next May will see the General Data Protection Regulation (GDPR) start to apply.

The regulation will update the 1995 Data Protection Directive — introduced at a time when the digital age was in its infancy — and will impact both citizens and businesses.

Among other things, the GDPR is set to boost people's right to be forgotten and guarantee free, easy access to their personal data. Organizations and businesses will also have to inform people about data breaches that could negatively impact them, and do this "without undue delay." Relevant data protection supervisory authorities will also need to be told of any breaches.

The European Commission has said that a new single law on data protection will replace "the current inconsistent patchwork of national laws." Businesses, it says, will be able to deal with one law rather than 28, with the financial benefits estimated at 2.3 billion euros ($2.72 billion) per year.

"The General Data Protection Regulation is not a revolution but it represents a big change for retailers," Giovanni Buttarelli, the European data protection supervisor, told CNBC.

For businesses, the impact of GDPR will be significant. "It's enormous, it's enormous," Toshihiko Otsuka, CEO of Rakuten Europe, said. Otsuka added that his company was "really serious" about preparing for the new rules and had formed "a sort of task force across countries" to tackle the new regulations.

Paul Clarke is chief technology officer of online grocer Ocado. The business has developed a smart platform that it describes as a "proprietary solution for operating online retail businesses." The platform is offered as a managed service, and Clarke acknowledged that GDPR would impact the way Ocado dealt with other companies.

"In the same way that GDPR is going to affect us in the U.K., it's going to affect our international business too," Clarke said. "Many of the companies who we're talking to… they're going to want to trade with Europe too, and therefore it's very important that they buy a platform that is going to be compliant with those regulations."

Businesses that don't comply with the new regulations will be penalized, with Buttarelli saying that authorities would introduce "severe enforcements." He added that sanctions would largely focus on administrative fines. These, he said, could rise to 4 percent of a business' worldwide turnover, depending on the gravity of non-compliance.

Follow CNBC International on Twitter and Facebook.