A new year often marks a much-needed turnaround for businesses — a chance to redeem the previous year or capitalize on well-earned gains. However, 2016 brings with it sweeping data privacy changes for businesses that operate in the European Union, which will impact how they do business and make money.

The new protection laws, which will come into effect in two years, are arguably the biggest shakeup for data regulators and businesses that operate in the EU’s 28 member states.

“There are a few reasons people should really care [about this],” says Adam Schlosser, Director at the U.S. Chamber of Commerce’s Center for Global Regulatory Cooperation.

“If they’re doing business in the European Union now, they’ll have to monitor the changes. There’s an extensive amount of changes and the changes will come with a potentially substantial fine of up to 4% of global turnover—and even if you’re not intentionally targeting customers in Europe, the rule will still apply to you now,” says Schlosser.

What this means is that people or businesses that might not consider themselves global—or even businesses at all—may also be subject to the rules. “If you put up a website or you’re offering a service and it’s available around the world and a bunch of European residents are now using that service, you have to be prepared,” Schlosser explains.

The provisions essentially will make companies and businesses responsible for meeting a number of new requirements regarding protecting personal data, including implementing a “right to be forgotten” (the power to have an individual’s data erased), and tighten rules for transferring data between European countries and the U.S. In layman’s terms, it will completely change how U.S. businesses have been operating for years.

In some ways, the new laws are a good thing, because they will overhaul the inconsistent rules put in place by officials when the Internet was still in its early stages and data was not as ubiquitous, experts say.

However, not all is well and the regulations have attracted criticism from industry leaders who worry the patchwork of rules is too broad and may provide legal uncertainty since it may be interpreted differently by each country.

“We had awareness and action before, but the potential EU penalties move Big Data companies more and more toward leadership action,” says Neil Seeman, CEO of RIWI Corp., a global survey technology and Big Data firm.

“It further means that we need to keep working on these challenges, and data companies need to dedicate resources to figuring out these problems in sync with regulatory bodies. Technology is moving so fast that business and regulators need to move forward together.”

Data privacy became a relatively important (and controversial) issue in Europe in recent years as legislators try to combat international terrorism while ensuring citizens are guaranteed fundamental privacy rights. However, the rules developed as a result often fail to distinguish between commercial use and access to data with national security use and access, creating compliance challenges.

As the world has changed, so have the rules that govern how people interact with each other and businesses online.

“I think the biggest message for companies is that doing business is global. If you’re on the Internet or have businesses all over the world, you have to be mindful of what your data is, how you handle it, and always thinking proactively–because getting ahead of any potential issues in advance is a great way to avoid problems or capitalize on opportunities.”