After over four years of discussion, the new EU data protection framework was adopted on 8 April 2016. It takes the form of a Regulation – the General Data Protection Regulation (GDPR). The GDPR will replace the current Directive and will be directly applicable in all Member States without the need for implementing national legislation. It will take effect on 25 May 2018. However, as it contains some onerous obligations, many of which will take time to prepare for, it will have an immediate impact.