December 19, 2011
Companies found by regulators to be in breach of EU privacy rules could face fines of up to 5% of their global turnover.
Under the first significant update to data protection legislation since 1995, the new rules would require companies to notify the authorities and affected customers within 24 hours of becoming aware of a data breach.
In addition, companies with more than 250 employees would be required to have staff dedicated to data protection, according to the Financial Times. However, the measures are still being finalised by the European Commission and would need to be approved by EU governments.
“These new proposals can be seen as an indication that the EU is getting tougher when it comes to privacy compliance,” said one expert. “The changes will include a mandatory requirement for companies to report cases where data privacy has been breached to the authorities and affected parties within 24 hours, as well as increasing fines to 5% of global turnover and considering possible criminal offences.”
The move signals regulators’ desire to strengthen privacy protection in the EU, particularly with respect to organisations owned outside the EU, the Financial Times added. Further changes to the law could give users of sites such as Facebook and LinkedIn a “right to be forgotten”, allowing them to delete information they have posted online even if they had earlier consented to it being made public.