On 14/04/2016 EU Data Privacy had been approved the regulation which is, nowadays, mandatory. However companies have 2 years to carry out its suitability before receiving an economic penalty for not having completed it.
On 04/05/2016 EU Data Privacy regulation had been published in the official bulletin of the European Union, after 20 days (25/05/2016) the new EU Data Privacy regulation became official.
The General Data Protection Regulation (GDPR) have big economic penalties which will start to be real after 2 years this regulation was approved so: May 2018
Penalties of 10 millions or up to 2% of global turnover for the previous year and 20 millions or up to 4% of global turnover for the previous year are established
I created a presentation where I explain in details this topic, you can see my presentation here: