The European Commission is finalising proposals that would enable it to fine businesses up to five per cent of global turnover for significant privacy breaches, according to a report.
The plans are due to be unveiled next month and will mark a big moment in the history of data protection and the first major update of legislation on the issue since 1995, the Financial Times reported.
For bigger companies like Google or Facebook, which have both faced privacy probes in recent times, fines could extend into the billions.
National governments will have to agree to the proposals before any rules are enforced. It may be four years until EU-wide legislation is made official.
Under the rules, companies would also be forced to notify regulators and affected people within 24 hours.
Various cases over the past year have highlighted the damaging effects of not confessing to breaches early. RSA came under fire after it took two months to admit data on its SecureID tokens may have been compromised.
The draft document seen by the FT also indicated the EU is looking to enforce better data protection practices within companies.
The document called for companies with 250+ employees to have employees dedicated to data protection practices. This may mean a rise in the number of chief information security officers (CISOs).
Sony only recruited a CISO following the significant hacks earlier this year, which saw over 100 million customers' data compromised.
-
Bigger salaries, more burnout: Is the CISO role in crisis?In-depth CISOs are more stressed than ever before – but why is this and what can be done?
-
Cheap cyber crime kits can be bought on the dark web for less than $25News Research from NordVPN shows phishing kits are now widely available on the dark web and via messaging apps like Telegram, and are often selling for less than $25.
-
Top data security trendsWhitepaper Must-have tools for your data security toolkit
-
Why bolstering your security capabilities is critical ahead of NIS2NIS2 regulations will bolster cyber resilience in key industries as well as improving multi-agency responses to data breaches
-
SEC data breach rules branded “worryingly vague” by industry bodyNews The new rules announced last week leave many questions unanswered, according to security industry experts
-
Crackdown on crypto needed to curb cyber crime, says expertNews Threat actors would struggle to generate money without the anonymity provided by unregulated digital tokens, but such a move would require worldwide buy-in
-
The gratitude gapWhitepaper 2023 State of Recognition
-
2022 Public Sector Identity Index ReportWhitepaper UK Report
-
India’s new data protection bill continues to “facilitate state surveillance”News Although data localisation requirements have now been removed, it’s down to the Indian government to select which countries data is allowed to be sent to
-
UK, US condemn Iran for ‘unprecedented’ cyber attack against AlbaniaNews The Balkan nation has cut ties with Iran following the hack, which took down national infrastructure and exposed government information
