Security: Prepared for the EU's New Data Protection Regulation?

21.05.2012

Ospero's Currill says that he's in favor of the new legislation because it will give companies one set of regulations they must adhere to rather than the many different laws currently in place. Ospero has, in fact, already positioned itself to prosper from the E.U.'s data transfer laws by taking a cue from the physical world's warehouse distribution model.

"A lot of these issues kind of go away if you just embrace the local culture that you're trying to do business in," Currill says. "The pitch to a German, to a French person, to an Italian, they're all completely different. The simplest thing to do is to embrace the local jurisdiction and embrace the local customer."

To do that, Ospero is marketing its data centers as "compliance hubs" that allow customers to operate in a country without the compliance issues involved in data transfer. Essentially, Currill says, customers host an image of their application in an Ospero data center in the country in which they wish to do business, while Ospero manages the data and the application without it ever leaving Europe.

The new legislation would also impose strict consent requirements. Consent for the use of PII would have to be obtained in advance on an opt-in basis, and parental consent would be required for individuals age 13 and younger.

It would also mandate data portability, giving individuals the right to demand that an organization transfer any information about them to a third-party organization in a format determined by the individuals.