According to legal experts the EU's new data protection rules that are expected to become law in 2018 will affect every business and organisation and cannot be ignored.

The final text of the General Data Protection Regulation (GDPR) was agreed back in December 2015 after four years of political negotiations.

The GDPR is aimed at reforming the out-dated EU Data Protection Directive and is expected to be approved by the EU parliament when it meets in January 2016. When approved, the GDPR will become law in 2018 across all 28 EU member states.

Cyber security and data protection partner at PricewaterhouseCoopers (PwC), Stewart Room, said: "This will impact every entity that holds or uses European personal data both inside and outside of Europe."

According to Eduardo Ustaran, partner and European head of data protection at law firm Hogan Lovells, it would be a huge mistake to ignore the GDPR until it becomes enforceable in 2018.

In a blog post he said: "Whether we see the GDPR as a blessing or a threat - or something in between - it is not only wise, but a necessity to pay attention to what this ambitious framework is trying to achieve and has delivered."

Usturan believes the regulation will affect all businesses and not just those in Europe.

He added: "One of the most carefully thought-out aspects of the GDPR is its extra-territoriality."