Under the law as it stands
A chain of shops has its head office in Member State X and franchised shops in 14 other EU countries. The data protection law of Member State X would therefore apply to customer data processing in head office. However, each shop must ensure it is processing data according to the laws of the country in which it is located.
This means that the company head office must consult a local lawyer for all countries where it has branches, pushing up administrative costs.
The new rules will do away with national data protection laws, and replace them with one set of rules across the EU. This will give businesses legal certainty and cut their costs considerably if they decide to do business cross-border.
They will also cut bureaucratic requirements which offer little added value for data protection, such as notifications to national data protection authorities, as currently required.