Strict new EU data sharing rules threaten huge fines

Dec 21, 2015 | Regulation

Technology companies could face fines of up to 4% of their global annual turnover under new European rules on data protection. The move marks the biggest shake-up to privacy regulation for 20 years, according to experts. A “strong compromise” on how to ensure a high level of data protection across the EU was agreed by […]

Technology companies could face fines of up to 4% of their global annual turnover under new European rules on data protection.


The move marks the biggest shake-up to privacy regulation for 20 years, according to experts.
A “strong compromise” on how to ensure a high level of data protection across the EU was agreed by Parliament and Council negotiators this week.
The new rules will forcing companies to pay 4% of their global turnover in fines if they breach the European Union’s data protection regulations have today been formally agreed.
The legislation will create a uniform set of rules across the EU “fit for the digital era,” said the EU in a press release.
It said they should also improve legal certainty and boost trust in the digital single market for citizens and businesses.
“The new rules will give users back the right to decide on their own private data”, said Parliament’s lead MEP on the regulation, Jan Philipp Albrecht.
Following this political agreement reached in trilogue, the final texts will be formally adopted by the European Parliament and Council at the beginning 2016. The new rules will become applicable two years thereafter.
The new draft policy, in discussion since 2012, will need to be ratified by the European Parliament next year.
Other changes include:

  • Tech firms will have to report serious data breaches to regulators within 72 hours
  • Consumers’ right to be forgotten will be extended beyond search engines to all aspects of their web history – so, for example, a user could request to have his or her Facebook profile removed
  • Consumers have the right to transfer their data from one company to another – so, for example, a user could request all data relating to shopping purchases be sent to them so they can transfer their preferences to a rival supermarket
  • Companies that handle significant amounts of data will have to employ a data protection officer
  • Jan Philipp Albrech, chief negotiator, said of deal: “This would be a major step forward for consumer protection and competition and ensure Europe has data protection rules that are fit for purpose in the digital age.”
    Stewart Room, head of data privacy at PwC, said: “The scale and breadth of the EU’s changes to privacy rules will deliver unprecedented challenges for business and every entity that holds of uses European personal data both inside and outside the EU.
    “Most companies will be shocked at the scale of the new rules and the work that needs to be done before the laws take effect in two years – it is not much time for the magnitude of the internal changes that will be required.”