The EU Parliament has approved the final text of the Regulation ‘on a framework for the free flow of non-personal data in the European Union’. The Regulation will prohibit national rules requiring non-personal data (e.g. machine-generated, or commercial data) to be stored or processed in a specific member state. Restrictions on the location of data will only be allowed on grounds of public security. For data sets of both personal and non-personal data, the free flow will apply to the non-personal data part of the set. Where personal and non-personal data are inextricably linked, GDPR will apply.