In effect, organizations operating in Europe have had to deal with a dizzying array of laws governing the holding and processing of personally identifiable information (PII).

Additionally, the Data Protection Directive was drafted in the early days of the public Internet: Hotmail did not yet exist and the public had yet to know what the term "Google search" meant. The directive did not anticipate the changes to computing that would come from software-as-a-service (SaaS) and other forms of cloud computing.

"Currently, we have 27 member states in Europe, and each one of those member states have taken it upon themselves to create their own version of the Data Protection Act" says Jason Currill, CEO of , a provider of global hosting, infrastructure and platform services.

"Most of them are pre-cloud, based on the Data Protection Directive formulated in 1995. Everything has now changed. Geopolitical barriers have been smashed by the cloud. There are data privacy issues and data sovereignty issues that didn't exist back in 1995," Currill says.

In January of this year, the E.C. published a first draft of a new legislative package intended to both harmonize the data protection laws across the E.U. member states and update them to address the new technological reality.