The European Union is preparing to enact a new data breach protection law that will require breach notification and levy fines against companies whose breaches are determined to be due to negligence.
The final version of the European Commission General Data Protection Regulation should be ready by December, with its regulations being implemented across EU countries two years later. Geoff White, underwriting manager for cyber, technology and media at Barbican Insurance Group in London, said, “mandatory reporting is coming, and people need to start taking steps now,” and Marcus Evans, a partner at law firm Norton Rose Fulbright L.L.P., wrote, “most businesses will need to make some changes to their data processing practices to meet the requirements… Many will have to make extensive changes.”
According to the draft, authorities and affected individuals must be notified within 72 hours about a breach that poses “significant risk of harm” or violation of rights. For more on the proposed law that will “be applied in the same manner across all 28 E.U. member states,” check out the Business Insurance article.