The European Parliament has voted on the biggest shake-up of data protection laws for 20 years.
The data protection regulation's stated aim is to give citizens back control of their personal data as well as simplifying the regulatory environment.
It could mean huge fines for companies that breach the law and offer some complex problems about how they store, delete and return data to citizens.
Here is a quick guide to what is involved.
Why was change needed?
It is a modernisation of data protection laws drawn up in 1995, before mass internet adoption.
Four years in the making, the new laws' stated aim is to strengthen the rights individuals have over their data and make companies take the issue of data protection far more seriously.
Although much of the legislation stays the same, the new rules offer "significant powers around the edges", according to Peter Church, a technology expert from law firm Linklaters.
What is the timeframe?
In December, the EU Commission, Parliament and Council of Ministers reached agreement on the General Data Protection Regulation, after months of negotiations, and on Thursday the document went before the European Parliament for a formal vote.
The rules will come into force in the summer. Then, member states will have two years to comply.