EU Data Breach Laws Set to Toughen
Businesses will be required to inform authorities within 24 hours of a serious data breach according to tough new data protection rules announced during a press conference in Brussels yesterday.
“Companies and organisations must notify [authorities] of serious data breaches as soon as possible — and to me, that means within 24 hours,” said Justice Commissioner Viviane Reding.
Under the proposed law companies would also be obliged to inform all affected individuals of any data security breach, including unauthorised destruction or loss.
Under the Commission’s proposed changes to the 1995 Data Protection Directive, companies can be fined up to €1m (£830,000), or two percent of global turnover, for serious violations of the regulations. In an attempt to provide businesses with much simpler data protection administration throughout Europe, national data authorities will become the primary point of contact for companies dealing with Europe-wide data questions, and the legislation aims to provide a single set of rules for data protection across Europe.
The rules need to be approved by the EU’s member states and ratified by the European Parliament before they can come into effect.