AbstractOn January 25, 2012, the EU Commission set forth a proposal for a Regulation of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) and a proposal for a Directive of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data by competent authorities for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and the free movement of such data. The Draft Regulation, once approved by the European Parliament and the Council, should replace Directive 95/46/EC (the "Data Protection Directive") which has been criticized for being laden with loopholes and legal uncertainty. A stronger and more coherent data protection framework in the EU, backed by strong enforcement that will allow the digital economy to develop across the internal market as well as put individuals in better control of their own data, is intended to prevent fragmentation in the way personal data protection is implemented across the Union. The proposed regulation would essentially create a single, unified law that applies to all 27 member states. It sets forth a new legal regime which would foster protection for individuals based on a complete compliance program companies must demonstrate to fulfill.