The European Commission is finalising proposals that would enable it to fine businesses up to five per cent of global turnover for significant privacy breaches, according to a report.
The plans are due to be unveiled next month and will mark a big moment in the history of data protection and the first major update of legislation on the issue since 1995, the Financial Times reported.
For bigger companies like Google or Facebook, which have both faced privacy probes in recent times, fines could extend into the billions.
National governments will have to agree to the proposals before any rules are enforced. It may be four years until EU-wide legislation is made official.
Under the rules, companies would also be forced to notify regulators and affected people within 24 hours.
Various cases over the past year have highlighted the damaging effects of not confessing to breaches early. RSA came under fire after it took two months to admit data on its SecureID tokens may have been compromised.
The draft document seen by the FT also indicated the EU is looking to enforce better data protection practices within companies.
The document called for companies with 250+ employees to have employees dedicated to data protection practices. This may mean a rise in the number of chief information security officers (CISOs).
Sony only recruited a CISO following the significant hacks earlier this year, which saw over 100 million customers' data compromised.
-
Why veterans can excel in data centers – and could help the IT sector address its skill shortagesIn-depth Ex-military workers can bring software and hardware to civilian roles
-
LaunchDarkly to "double down" on observability with Highlight acquisitionNews Highlight's observability tools will be integrated into LaunchDarkly's Guarded Releases software deployment service
-
Top data security trendsWhitepaper Must-have tools for your data security toolkit
-
Why bolstering your security capabilities is critical ahead of NIS2NIS2 regulations will bolster cyber resilience in key industries as well as improving multi-agency responses to data breaches
-
SEC data breach rules branded “worryingly vague” by industry bodyNews The new rules announced last week leave many questions unanswered, according to security industry experts
-
Crackdown on crypto needed to curb cyber crime, says expertNews Threat actors would struggle to generate money without the anonymity provided by unregulated digital tokens, but such a move would require worldwide buy-in
-
The gratitude gapWhitepaper 2023 State of Recognition
-
2022 Public Sector Identity Index ReportWhitepaper UK Report
-
India’s new data protection bill continues to “facilitate state surveillance”News Although data localisation requirements have now been removed, it’s down to the Indian government to select which countries data is allowed to be sent to
-
UK, US condemn Iran for ‘unprecedented’ cyber attack against AlbaniaNews The Balkan nation has cut ties with Iran following the hack, which took down national infrastructure and exposed government information
