The new data-protection regulation is needed primarily because the implementation and enforcement gaps between member states were too large and confusing for all involved. The regulation lays down rules relating to the protection of individuals in the processing of personal data and rules on the free movement of personal data. This will help to improve the level of protection and legal certainty, guarantee the enforcement of individuals' rights and improve factors relating to the internal market.
Successes achieved include: clear principles for processing data and clear, technologically neutral definitions that can stand the test of time; appropriate information and rights for the data subject, including a strong definition of consent; reduced bureaucracy for businesses; strong data-protection authorities; harmonised EU-wide enforcement; a clear system for international transfers of data; and strong sanctions for breaches.