If the European Union's proposed “data protection law” comes into existence, firms will face being fined up to 2% of their global annual turnover if they are found breaching the proposed EU data laws. The EU has put forward the suggestion as part of a new directive and regulations.
The new rules include users’ “right to be forgotten” and an obligation on organisations to report data breaches “as soon as possible”. Justice Commissioner, Viviane Reding, said it was important for EU citizens – particularly teenagers – to be in control of their online identities. “My proposals will help build trust in online services because people will be better informed about their rights and more in control of their information,” she said.
The commissioner suggested that companies that charged a user for a data request be fined up to 0.5% of their global turnover. She said that sum should double if a firm refused to hand over data or failed to correct bad information. She added that companies responsible for more serious violations could be fined up to 2% of their turnover. The sum is capped at 1m euros for other bodies.
Key Changes to the 1995 Protection rules:
- People will have easier access to their own data, and will find it easier to transfer it from one service provider to another.
- Users will have the right to demand that data about them be deleted if there are no “legitimate grounds” for it to be kept.
- Organisations must notify the authorities about data breaches as early as possible, “if feasible within 24 hours”.
- In cases where consent is required, organisations must explicitly ask for permission to process data, rather than assume it.
- Companies with 250 or more employees will have to appoint a data protection officer.