Strong new data protection laws aimed at protecting the personal information of 500 million people across the EU come into effect from today.

The General Data Protection Regulation will give new rights to consumers and put extra responsibilities on organisations that gather, process and store personal data.

A recent survey carried out on behalf of the Office of the Data Protection Commissioner found a high level of awareness about GDPR among small and medium-sized enterprises here, with up to 90% of them saying they were aware changes were imminent.

But action on the issue appears to have been limited, with only 37% saying they had implemented a GDPR plan.

The new regime replaces the 1995 directive, updating the rules to take account of massive changes in technology in the interim.

It aims to wrest back control over citizens' personal data from the companies that gather and use it to generate revenue, including large technology firms like Facebook, Google, Apple, Microsoft and Amazon.

"I think we are ready," said Helen Dixon, Ireland's Data Protection Commissioner.

"I think there has been a huge awareness. I think at senior levels in organisations which we haven't seen before there is now a realisation that organisations need to treat personal information that they collect from members of the public, from consumers and from customers and their employees very carefully and safeguard it."

Among the elements of the regulation are measures to increase accountability of data harvesters, including a requirement to ensure that information is gathered, held and processed according to the new rules.

Organisations must also be able to demonstrate how they have done this, by designing privacy into everything that involves personal data, abiding by codes of conduct and getting certification where possible.

They also have to be clear and transparent about what they are collecting, what the legal basis for doing so is, who will receive the data, how it will be moved around and how long it can be held for.

Consent must be in place before personal data can be harvested and processed and that consent must be informed, freely given and clear.

GDPR also includes a range of rights for consumers, including the ability to access personal data held by a person or organisation about them, to move, erase or rectify that data and a right to object to or even restrict the processing of that information.

There is also a mandatory requirement for all data breaches to be notified to the supervising authority and organisations found to have broken rules can be fined up to €20 million or 4% of global turnover in the previous year.

"What the GDPR requires of organisations is that in collecting and processing what's called personal data for many of us...they have to do it in a way that is lawful, that is fair and transparent," Ms Dixon said.

"They have to be accountable, and demonstrably accountable, in terms of how they handle personal data. So what that means on a practical level for all of us is that we should receive clearer information from organisations when they are collecting our personal information and clearer information about uses they intend to put it to."

The regulation has just been transposed into Irish law via the Data Protection Act, which was signed by President Michael D Higgins yesterday.

Most large technology firms have been working on becoming GDPR compliant for some time, with Facebook, Apple and others announcing a range of new measures and changes in recent weeks.

Facebook, which has been engulfed in controversy recently as a result of the Cambridge Analytica affair, has moved regulation of 1.5bn members in Africa, Asia, Australia and Latin America out of Europe in a move widely interpreted to be aimed at avoiding having to apply GDPR standards to their data.

"Nothing is ever a panacea, there is never a silver bullet solution," said Simon McGarr, solicitor and Director of European Data Compliance.

"But there is no doubt that Europe's commitment to data protection as a human right is acting as the gold standard, not just inside Europe but globally."

"Over 130 countries have now adopted data protection regimes which are moving towards compliance with GDPR.

"So certainly I think we are going to see this becoming the norm not just in Europe but in other jurisdictions around the world."

The Office of the Data Protection Commissioner here is expected to come under significant pressure in the wake of the introduction of the new rules because under GDPR organisations can adopt a one-stop-shop principle where they have operations in a number of member states.

Many of the largest data processors in the world have their European or international headquarters here in Ireland.