In January 2012, the European Commission presented the long-awaited proposal for a reform of the European data protection law, which consists of a general data protection Regulation as well as a Directive (the "Data Protection Regulations").
On 12 March 2014, the European Parliament voted during its first reading by an overwhelming majority in favour of the Data Protection Regulations.
The regulations aim at reinforcing the rights of data subjects, enhancing the responsibility of data controllers and strengthening the position of supervisory authorities. ‘Privacy by design' and ‘privacy by default' will also become
essential principles in EU Data Protection Regulations. Therefore, companies need to ensure that risk analysis is embedded into business processes.
The Data Protection Regulations move now to the Council of Ministers consisting of member states government representatives (of which Luxembourg will take the presidency from July 2015) and are subject to potential amendments.
Jan Philipp Albrecht, a vice-chair on the Parliament's civil liberties, justice and home affairs committee and rapporteur on the issue warned during a briefing in the European Parliament on 7 January 2015 that "even if the
council is ready to negotiate somewhere in June, it is not sure we will finalise a compromise before the end of the year". He highlighted that "Every day we postpone this procedure, the standards for the protection of personal data in Europe are endangered more and more."
