On 12 March 2014, the European Parliament voted in favour of the General Data Protection Regulation (GDPR), proposed by the European Commission. Under the so-called 'trilogue' process after the vote of the Parliament, the Council has to vote on the proposed legislation before it can enter into force.
 
The GDPR tightens the rules concerning the use of personal data. For example, companies will be required to prove compliance with appropriate safeguards in order to be able to transfer data outside the EU. Prior authorisation from the respective EU Member States' data protection authorities is another rule that establishes more strict monitoring of companies' international data flows. In addition, "'a'ny legislation which provides for extra-territorial access to personal data processed in the Union without authorisation under Union or Member State law should be considered as an indication of a lack of adequacy. Consequently the transfer of personal data to that third country should be prohibited." (See source 6, art. 41, recital 82).