EU threatens to fine companies 5% of turnover in Data Protection overhaul

The right to be forgotten, the basic idea that users must remain in control of their personal data and be able to remove that data if they wish, will be problematic and potentially not even possible. But this issue will be dwarfed by new reports that the breach notification plan will come with a penalty: fines of up to 5% of the company’s global annual turnover for serious failures in data protection.

David Gibson, director of technical services at Varonis, thinks that such moves are long overdue. “Because they are based on turnover, these penalties have the capacity to wipe out a corporate’s global profits for the year. That makes the topic of data protection a top boardroom topic, if it were not one before.”

Gibson believes that recent and rapid growth in Big Data and unstructured storage places enormous strains on the ability of existing security technology to cope. “That doesn’t mean it is impossible,” he says. “It just means that corporates have to invest in the necessary data protection and analytical technologies capable of auditing – down to the last file – who does what, when and where with the firm’s data.”

While it generally takes several years for EC regulations to be transposed into national laws, companies that do business in Europe will need to reconsider their ‘return on prevention’ figures. “With penalties of up to five per cent of global turnover, I predict you will see major enterprises investing in the required technology,” said Gibson.

What’s Hot on Infosecurity Magazine?