Political agreement has been reached on an EU-wide data protection law designed to create a 'one-stop shop', with a common set of rules applying across the continent. This will effectively replace the UK's current Data Protection Act.
The law bites on any area in which a business processes data on individuals (eg, customers, suppliers, users of a website). But it is probably in relation to employees that businesses process most data, in terms of both its range and quantity.
Importantly, the new law is backed up by a much fiercer penalty regime than presently applies. The maximum penalty for non-compliance will be €20m or 4% of an undertaking's worldwide turnover, if that is higher. This is likely to focus minds at board level in most organisations.