After months of negotiation and debate, the EU Parliament and Council have agreed on the content of the General Data Protection Regulation, aiming to harmonize data protection laws across all of Europe.
The new regulation could impose harsh penalties that would cost companies billions if they are found to have contravened the law, with fines of 4% of annual turnover for firms caught breaking the rules.
The regulation also highlights the new mandatory notification process for serious breaches, which includes: mandatory notification to the relevant national supervisory authority, a single regulator for multinational companies wherever their HQ is, and the mandatory appointment of a data protection officer.
Another part of the EU’s new data protection laws is the Data Protection Directive for the police and the criminal justice sector. This element promises to “facilitate cross-border cooperation of police or prosecutors to combat crime and terrorism more effectively across Europe.”
The CBI’s Interim Chief Policy Director, Matthew Fell, was quick to criticize the new laws, claiming, “From driving research and development in healthcare to powering our free social media and search platforms, data analytics is a vital part of modern business. This new legislation could hamper that with unnecessary administrative burdens and costs, like mandatory data protection officers, placed on firms of all sectors and sizes.”
The regulation is currently in the hands of a Civil Liberties Committee set to vote on Thursday before Parliament votes in the New Year. The regulation will then go into effect in two years within all member states, with no room for negotiation.