EU fines for privacy violations are likely to be issued to companies that fail to implement security measures to prevent their customers’ data from being stolen by cybercriminals. EU fines for privacy violations can be substantial, although the watchdogs that are able to issue them are limited. That is all about to change. The European Union has taken decisive action and will be penalizing companies that do too little to protect their customers.

EU fines for privacy violations apply to any company doing business in EU countries

Last week, negotiators met up in Strasbourg, France, and signed a new deal that will change data protection laws in the EU. This update has taken some time to arrive, having first been discussed four years ago. There has been much debate about the extent to which companies should be held responsible for data breaches, although finally all sides have come to an agreement that better protects consumers, makes businesses more responsible, and will not interfere with efforts to bring cybercriminals to justice.

The changes to the law will ensure that more companies are held accountable for their lack of security controls. With the threat of cyberattacks increasing, and a number of major attacks suffered by companies over the past few years, an overhaul of data protection laws in Europe was long overdue.

Current legislation is somewhat patchy, offering limited protection for consumers. Companies in some industries can be fined up to 1 million Euros for privacy violations and the exposure of customer data, while others are allowed to escape without penalties.

The new EU fines for privacy violations will not have a fixed limit. Fines for businesses that are hacked or otherwise expose customer data will be as high as 4% of a company’s global annual sales. The aim of the law change is to give companies a considerable incentive to invest in cybersecurity protections to keep their customers’ data secure, and to improve consumer trust.

The law changes will also require companies doing business in any of the European Union’s 28 member states to disclose data breaches that have exposed consumer data. While privacy groups have welcomed the changes, business groups have not been quite so complimentary.

New EU fines for privacy violations to come into effect in 2018

According to EU Justice Commissioner Vera Jourova, “These new pan-European rules are good for citizens and good for businesses.” She also pointed out in a statement issued after the announcement of the conclusion of the negotiations that consumers and businesses stand to “profit from clear rules that are fit for the digital age, that give strong protection and at the same time create opportunities and encourage innovation.”

It will take a further two years for the new laws to come into effect, with the new EU fines for privacy violations expected to start being issued in 2018.