The European Commission is finalising proposals that would enable it to fine businesses up to five per cent of global turnover for significant privacy breaches, according to a report.
The plans are due to be unveiled next month and will mark a big moment in the history of data protection and the first major update of legislation on the issue since 1995, the Financial Times reported.
For bigger companies like Google or Facebook, which have both faced privacy probes in recent times, fines could extend into the billions.
National governments will have to agree to the proposals before any rules are enforced. It may be four years until EU-wide legislation is made official.
Under the rules, companies would also be forced to notify regulators and affected people within 24 hours.
Various cases over the past year have highlighted the damaging effects of not confessing to breaches early. RSA came under fire after it took two months to admit data on its SecureID tokens may have been compromised.
The draft document seen by the FT also indicated the EU is looking to enforce better data protection practices within companies.
The document called for companies with 250+ employees to have employees dedicated to data protection practices. This may mean a rise in the number of chief information security officers (CISOs).
Sony only recruited a CISO following the significant hacks earlier this year, which saw over 100 million customers' data compromised.
