EU betting on mega fines for privacy breaches
Companies may soon have to confess to data breaches in 24 hours and then potentially face a whopping fine, an EC document reveals.


The European Commission is finalising proposals that would enable it to fine businesses up to five per cent of global turnover for significant privacy breaches, according to a report.
The plans are due to be unveiled next month and will mark a big moment in the history of data protection and the first major update of legislation on the issue since 1995, the Financial Times reported.
For bigger companies like Google or Facebook, which have both faced privacy probes in recent times, fines could extend into the billions.
National governments will have to agree to the proposals before any rules are enforced. It may be four years until EU-wide legislation is made official.
Under the rules, companies would also be forced to notify regulators and affected people within 24 hours.
Various cases over the past year have highlighted the damaging effects of not confessing to breaches early. RSA came under fire after it took two months to admit data on its SecureID tokens may have been compromised.
The draft document seen by the FT also indicated the EU is looking to enforce better data protection practices within companies.
Get the ITPro daily newsletter
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
The document called for companies with 250+ employees to have employees dedicated to data protection practices. This may mean a rise in the number of chief information security officers (CISOs).
Sony only recruited a CISO following the significant hacks earlier this year, which saw over 100 million customers' data compromised.
Tom Brewster is currently an associate editor at Forbes and an award-winning journalist who covers cyber security, surveillance, and privacy. Starting his career at ITPro as a staff writer and working up to a senior staff writer role, Tom has been covering the tech industry for more than ten years and is considered one of the leading journalists in his specialism.
He is a proud alum of the University of Sheffield where he secured an undergraduate degree in English Literature before undertaking a certification from General Assembly in web development.
-
Why veterans can excel in data centers – and could help the IT sector address its skill shortages
In-depth Ex-military workers can bring software and hardware to civilian roles
By John Loeppky
-
LaunchDarkly to "double down" on observability with Highlight acquisition
News Highlight's observability tools will be integrated into LaunchDarkly's Guarded Releases software deployment service
By Daniel Todd
-
Top data security trends
Whitepaper Must-have tools for your data security toolkit
By ITPro
-
Why bolstering your security capabilities is critical ahead of NIS2
NIS2 regulations will bolster cyber resilience in key industries as well as improving multi-agency responses to data breaches
By ITPro
-
SEC data breach rules branded “worryingly vague” by industry body
News The new rules announced last week leave many questions unanswered, according to security industry experts
By Ross Kelly
-
Crackdown on crypto needed to curb cyber crime, says expert
News Threat actors would struggle to generate money without the anonymity provided by unregulated digital tokens, but such a move would require worldwide buy-in
By Rory Bathgate
-
The gratitude gap
Whitepaper 2023 State of Recognition
By ITPro
-
2022 Public Sector Identity Index Report
Whitepaper UK Report
By ITPro
-
India’s new data protection bill continues to “facilitate state surveillance”
News Although data localisation requirements have now been removed, it’s down to the Indian government to select which countries data is allowed to be sent to
By Zach Marzouk
-
UK, US condemn Iran for ‘unprecedented’ cyber attack against Albania
News The Balkan nation has cut ties with Iran following the hack, which took down national infrastructure and exposed government information
By Rory Bathgate