The EU has finalised its new General Data Protection Regulations (GDPR) after years of negotiations and planning.
The regulations still require approval from the EU Parliament, with approval being expected to take place this month.
Once it has been approved, it will come into force in 2018 and apply to all 28 member states, replacing their existing patchwork of differing data protection laws.
The new regulations outline stricter online protection laws for the continent, with the four biggest changes being: raising the age of consent for digital data collection from 13 to 16, deleting information from servers if a right to be forgotten request is made and approved, creating a single data protection office to deal with all complaints, and requiring all companies to inform the EU within 72 hours of a data breach occurring.
The laws apply to all companies, regardless of whether they are based in Europe or not, if they are collecting data from an EU citizen.
The punishment for companies who do not comply will be a fine of 4% of the company's global revenues – something that could be billions of dollars for the top internet companies such as Google and Facebook.