Saturday

21st Apr 2018

New EU fines will apply to 'old' data breaches

  • EU citizens will have more rights under a new general data protection regulation (Photo: Roel Wijnants)

Companies operating in the EU that are currently hiding serious data breaches similar to those that rocked Facebook last month better disclose those before 25 May, or be prepared to pay serious fines.

On that date, the EU's new general data protection regulation (GDPR) will come into force. The new EU regulation will require that companies that process personal data inform the relevant data protection authority in case of a data breach.

Thank you for reading EUobserver!

Subscribe now for a 30 day free trial.

  1. €150 per year
  2. or €15 per month
  3. Cancel anytime

EUobserver is an independent, not-for-profit news organization that publishes daily news reports, analysis, and investigations from Brussels and the EU member states. We are an indispensable news source for anyone who wants to know what is going on in the EU.

We are mainly funded by advertising and subscription revenues. As advertising revenues are falling fast, we depend on subscription revenues to support our journalism.

For group, corporate or student subscriptions, please contact us. See also our full Terms of Use.

If you already have an account click here to login.

If the compromised personal information is sensitive, companies will need to inform their customers too.

Failure to do so may lead to a fine, which could be up to €10m or two percent of the company's annual turnover, whichever is higher.

A European Commission official confirmed on Monday (9 April) that data breaches that happened before 25 May, but are kept silent until after that, will also be liable for such a fine.

"If this behaviour [of keeping a data breach secret] would continue - even if it started a long time ago and continues - and is discovered after the GDPR comes into play, then it's relevant," said the source.

The official briefed journalists on Monday on a swathe of digital affairs, a day ahead of the EU's Digital Day in Brussels, on the condition of anonymity. He made his comments on the GDPR when asked about it by EUobserver.

"If you discover the crime the moment it happens, but it started a long time ago, this doesn't really matter. This is not retroactive application, this is application of the actual case," he noted.

The official stressed that the 25 May deadline has been public knowledge for over a year.

"If there is a breach discovered the day after, the GDPR will apply," he said.

"I hope that every company dealing with our personal data takes the May deadline very, very seriously," he added.

This means that for companies that still have a kept-secret data breach, it may merit to fess up before 25 May.

In two recent high-profile cases of data breaches, they were revealed by media reports. Last month, it was revealed that Facebook users' data had been shared with UK consulting firm Cambridge Analytica without those users' consent.

Last November, Uber was shown to have covered up for over a year personal information of 57 million of its users.

EU to probe UK 'election-rigging' firm

MEPs are to investigate whether UK firm Cambridge Analytica and Facebook misused private data to sway votes amid increasingly lurid revelations.

Feature

'Flobert' guns - Europe's latest terror loophole

Project Safte, an international research project funded by the European Commission, has revealed a loophole in the EU firearms directive that is being exploited by criminals and possibly terrorists.

News in Brief

  1. Audit office: Brexit 'divorce' bill could be billions higher
  2. MEPs urge better protection for journalists
  3. Dieselgate: MEPs back greater role for EU in car approvals
  4. European parliament adopts new organic farming rules
  5. EU granted protection to half million people in 2017
  6. Report: Facebook to carve 1.5bn users out of EU privacy law
  7. Greek court ruling permits migrants to travel to mainland
  8. Commonwealth summit hopes for trade boost after Brexit

Stakeholders' Highlights

  1. Nordic Council of MinistersWorld's Energy Ministers to Meet in Oresund in May to Discuss Green Energy
  2. ILGA EuropeParabéns! Portugal Votes to Respect the Rights of Trans and Intersex People
  3. Mission of China to the EUJobs, Energy, Steel: Government Work Report Sets China's Targets
  4. Martens CentreJoin Us at NET@WORK2018 Featuring Debates on Migration, Foreign Policy, Populism & Disinformation
  5. European Jewish CongressKantor Center Annual Report on Antisemitism Worldwide - The Year the Mask Came Off
  6. UNICEFCalls for the Protection of Children in the Gaza Strip
  7. Mission of China to the EUForeign Minister Wang Yi Highlights Importance of China-EU Relations
  8. Nordic Council of MinistersImmigration and Integration in the Nordic Region - Getting the Facts Straight
  9. Macedonian Human Rights MovementMacedonians in Bulgaria Demand to End the Anti-Macedonian Name Negotiations
  10. Counter BalanceThe EIB Needs to Lead by Example on Tax Justice
  11. ILGA EuropeTrans People in Sweden to be Paid Compensation for Forced Sterilisation
  12. International Partnership for Human RightsThe Danger of Standing Up for Justice and Rights in Central Asia

Latest News

  1. ECJ ruling set to end 10-year 'mouth tobacco' lobbying saga
  2. Whistleblowers, Syria and digital revolution This WEEK
  3. MEP friendship groups offer 'backdoor' for pariah regimes
  4. Macron and Merkel pledge euro reform
  5. Obscurity surrounds EU military fund's expert groups
  6. New EU party finance rules short circuit accountability
  7. Draghi to stay in secretive 'lobby' group
  8. Bulgaria offers lesson in tackling radical-right populists