Changes in Data Breach Laws

A recent article gives a heads-up about the proposed changes to data breach laws across the EU.

At the moment, the Information Commissioner's Office (ICO) has the ability to dole out fines of up to half a million pounds to any company that fails to look after its data. The problem is, this maximum penalty is rarely used.

The proposed changes will see a much tougher stance being taken, including a fine of up to 5% of turnover. Plus, the company will have to reveal it has a problem within 24 hours.

The article went on to quote Grant Taylor, Vice President of the compliance vendor Cryptzone, as saying that the 24-hour rule would be a ‘game changer’, elevating data security to a boardroom discussion across Europe.

He went on to comment that, “as has been reported, in the US where data breach notification legislation is a lot more onerous than in Europe, the costs of remediating a breach are a lot higher. As a direct result, we have found that the issue is discussed a lot more amongst companies and, as a consequence, the profile of IT security generally seems to be far greater.”

What do you make of these proposed changes?

Are they a good thing?

Leave a comment below, we’d love to hear what you think.