Due to the rapid expansion of new technologies which have stepped up the processing of personal data to a hitherto unknown scale, the European Commission is making a lot of changes to personal data protection regulations. The purpose of the changes is to standardise personal data processing in the European Union, including improving the protection of privacy of Internet users.  

The most important changes being made to the regulations:

An increase in controller's responsibility in the event of infringement of the personal data protection regulation. An example of infringement may be not fulfilling the obligation to notify or not appointing a data protection officer – the equivalent of the present security officer.

The maximum administrative penalty will even reach 100 000 000 Euros or 5% of the annual gross turnover of the firm. The fine will be imposed practically for every infringement of the regulations and there are a lot of possibilities for breaches.
It is worth noticing that the sanctions will be imposed by each supervisory authority.
According to the draft of regulations, the administrative sanction shall be in every individual case  effective, proportionate and dissuasive.

Another change concerns the expanding of the scope of a controller's obligations. The controller will be obligated to inform the supervisory authority about any breaches within 24 h of getting the information about the infringement.

It will be necessary to keep a registry which will have all information about all incidents which are dangerous for personal data security. This entails the new obligations for the supervisory authority which will be obligated to react to any infringements.

According to the  regulations the obligation to notify the data subjects will be wider and will  include e.g. the period of keeping the personal data.

The regulation introduces a “Right to erasure” and “to obtain from third parties the erasure of any links to, or copy or replication of, that data”

It is worth noting that in criminal cases the general rules of personal data protection will be established in the field of cooperation between police and courts.