Saturday

24th Jul 2021

New EU fines will apply to 'old' data breaches

Companies operating in the EU that are currently hiding serious data breaches similar to those that rocked Facebook last month better disclose those before 25 May, or be prepared to pay serious fines.

On that date, the EU's new general data protection regulation (GDPR) will come into force. The new EU regulation will require that companies that process personal data inform the relevant data protection authority in case of a data breach.

Read and decide

Join EUobserver today

Become an expert on Europe

Get instant access to all articles — and 20 years of archives. 14-day free trial.

... or subscribe as a group

If the compromised personal information is sensitive, companies will need to inform their customers too.

Failure to do so may lead to a fine, which could be up to €10m or two percent of the company's annual turnover, whichever is higher.

A European Commission official confirmed on Monday (9 April) that data breaches that happened before 25 May, but are kept silent until after that, will also be liable for such a fine.

"If this behaviour [of keeping a data breach secret] would continue - even if it started a long time ago and continues - and is discovered after the GDPR comes into play, then it's relevant," said the source.

The official briefed journalists on Monday on a swathe of digital affairs, a day ahead of the EU's Digital Day in Brussels, on the condition of anonymity. He made his comments on the GDPR when asked about it by EUobserver.

"If you discover the crime the moment it happens, but it started a long time ago, this doesn't really matter. This is not retroactive application, this is application of the actual case," he noted.

The official stressed that the 25 May deadline has been public knowledge for over a year.

"If there is a breach discovered the day after, the GDPR will apply," he said.

"I hope that every company dealing with our personal data takes the May deadline very, very seriously," he added.

This means that for companies that still have a kept-secret data breach, it may merit to fess up before 25 May.

In two recent high-profile cases of data breaches, they were revealed by media reports. Last month, it was revealed that Facebook users' data had been shared with UK consulting firm Cambridge Analytica without those users' consent.

Last November, Uber was shown to have covered up for over a year personal information of 57 million of its users.

EU to probe UK 'election-rigging' firm

MEPs are to investigate whether UK firm Cambridge Analytica and Facebook misused private data to sway votes amid increasingly lurid revelations.

Are EU data watchdogs staffed for GDPR?

The success of the new general data protection regulation (GDPR) will depend on whether data protection authorities enforce the new rules - which, in turn, will be at least partly determined by how many people they employ.

News in Brief

  1. Macron changes phone after Pegasus spyware revelations
  2. Italy to impose 'vaccinated-only' entry on indoor entertainment
  3. EU 'will not renegotiate' Irish protocol
  4. Brussels migrants end hunger strike
  5. Elderly EU nationals in UK-status limbo after missed deadline
  6. WHO: 11bn doses needed to reach global vaccination target
  7. EU to share 200m Covid vaccine doses by end of 2021
  8. Spain ends outdoor mask-wearing despite surge

Feature

Covid-hit homeless find Xmas relief at Brussels food centre

The Kamiano food distribution centre in Brussels is expecting 20 people every half hour on Christmas Day. For many, Kamiano is also more than that - a support system for those made homeless or impoverished.

Top court finds Hungary and Poland broke EU rules

EU tribunal said Hungary's legislation made it "virtually impossible" to make an asylum application. Restricting access to international protection procedure is a violation of EU rules.

Stakeholders' Highlights

  1. Nordic Council of MinistersNineteen demands by Nordic young people to save biodiversity
  2. Nordic Council of MinistersSustainable public procurement is an effective way to achieve global goals
  3. Nordic Council of MinistersNordic Council enters into formal relations with European Parliament
  4. Nordic Council of MinistersWomen more active in violent extremist circles than first assumed
  5. Nordic Council of MinistersDigitalisation can help us pick up the green pace
  6. Nordic Council of MinistersCOVID19 is a wake-up call in the fight against antibiotic resistance

Latest News

  1. Far left and right MEPs less critical of China and Russia
  2. Why is offshore wind the 'Cinderella' of EU climate policy?
  3. Open letter from 30 embassies ahead of Budapest Pride
  4. Orbán counters EU by calling referendum on anti-LGBTI law
  5. Why aren't EU's CSDP missions working?
  6. Romania most keen to join eurozone
  7. Slovenia risks court over EU anti-graft office
  8. Sweden's gang and gun violence sets politicians bickering

Join EUobserver

Support quality EU news

Join us