Despite a lot of lobbying activity from "big data" the EU has managed to agree the text of a new data protection framework with new rules to come into force in 2018.
The previous directive was established in 1995 which is now a world away in terms of technology and data storage.
The key difference is that companies can be fined up to 4% of turnover for failing to comply and in particular for failing to keep personal data safe.
The chain of liability also extends beyond the data controller to any data processors and third parties involved. The significance of the latest hacks would be much greater and more financially punitive for those attacked and their suppliers if they had failed to adequately protect data.
Other elements are the right to be forgotten (or erasure), the need for a data protection officer, the requirement to report breaches, parental consent for 13-16 year olds to use social media, a single supervisory authority and some rights regarding portability of content.
No doubt much will be lost in translation into local legislation and if the UK votes to exit the EU this will be rather irrelevant.
However hats off to MEP Jan Philipp Albrecht for guiding this through the European Parliament. It is far from perfect but does seem a reasonable attempt to bring legislation up to date with the Digital Age and force companies who harvest our data to take reasonable steps to protect it.