Data protection in Europe is set to undergo a huge change on May 25. From that date, businesses will have to comply with the European Union’s new General Data Protection Regulation (GDPR) law.

The new rules will update the 1995 Data Protection Directive — introduced at a time when the digital age was in its infancy — and will impact citizens as well as companies.

Among other things, GDPR is set to boost people’s right to be forgotten online and guarantee free, easy access to personal data. Organizations and businesses will have to inform people about data breaches that could negatively impact them and do this “without undue delay.” Relevant data protection supervisory authorities also need to be told.

Just how much of an impact GDPR will have will be an interesting story to follow.

“Some commentators have said that what’s going to happen is that, effectively, the General Data Protection Regulation will establish a new standard globally for data protection,” Damien Tambini, from the London School of Economics and Political Science (LSE), told CNBC.

“I don’t think that’s the case,” Tambini, an associate professor at the LSE’s department of media and communications, added. “I think it will be horses for courses. Some companies, depending on their offer, will take the view that it is cost effective for them to establish new practices which are global, and others will develop new services for different markets.”

A sticking point could be that Europeans utilize a number of ways to access online services, including cloud services, that are actually based in the U.S., Tambini said.

“Universities are having to rethink which cloud services they use because it may not, any longer, be legal for them to use services which are outside the jurisdiction of the GDPR,” he said. “There is a rethinking both in terms of how U.S. companies provide services into the EU and how EU citizens are using services which are based out of the EU jurisdiction.”

At video streaming giant YouTube, preparations are underway for the new rules and regulations.

“I think it’s absolutely appropriate that governments look to make sure that consumers are protected, and properly protected,” Ben McOwen Wilson, YouTube EMEA’s regional director, said. “We will always comply with… all of that regulation and indeed have gone beyond that regulation to date to try and ensure that… it’s really clear to the consumer… what will they do with my data, how do they use it and how do they not use it?”

Follow CNBC International on Twitter and Facebook.