If you use or collect personal data, you should be aware of three points – the new EU law is coming, it will affect your business and it could well involve significant costs. At present, UK data protection obligations are primarily governed by the Data Protection Act 1998 (DPA), which implements an EU Directive. The European Commission’s proposals for reform are the subject of fierce debate and may still change. However, if they come into force as they stand, the implications are likely to include: Even more problems with consent; Significantly more red tape; New requirements for portability and deletion of data; Data processors will have to comply; and, Significantly higher fines. The proposal needs to be approved by both the European Parliament and EU Member States. It had been hoped that agreement could be reached by June of this year, but that now seems unlikely. However, there will be pressure to adopt the proposal by 2014, when the European Parliament and the European Commission are due for re-appointment. Make sure that budgets and planned financial forecasts for 2014-2016 include provision for compliance with the new law (including the appointment of “data protection officers”).