With EU lawmakers finally agreeing on new strict rules on data protection yesterday, the matter only needs to be put to a vote tomorrow to cross the finishing line.
The new regulation, which has been working its way through Brussels since 2012, is a landmark agreement harmonising data protection across all member states. Under the new rules, firms face sanctions of up to four per cent of their turnover if they fail to live up to the requirements.
This means the world’s biggest IT companies could be forced to pay billions if they breach the law.
The regulations have been met with mixed reviews. CBI was critical, with interim chief policy director Matthew Fell claiming they “miss the mark” for businesses and consumers alike.
But others have been more positive. Ross McKean, head of Olswang’s data protection practice, called the new laws a “paradigm shift”:
We have now moved from an era of relatively laissez-faire regulation of data in Europe to having the most stringent data laws in the world.
The new law is likely to push data protection higher up the agenda in company boardrooms, as Phil Lee, partner at Fieldfisher, pointed out:
If data protection hadn't previously reached board level before, it's about to now.
Fundamentally, the Regulation is about accountability. It's about businesses not only being compliant, but being able to show they're compliant.
Unlike EU directives, the new regulation will be legally binding in all member states, after a two-year transition period. The EU’s Civil Liberties Committee will be voting on it tomorrow, followed by an EU Parliament vote in the new year.