Under new proposals, companies will have to make sure their customers’ data is fully protected or risk a fine of up to 2% of turnover

EU Parliament Building

Companies could be fined up to 2 per cent of their global turnover if they breach new EU information security guidelines, following an announcement by the European Justice Commissioner, Viviane Reding.

Reding unveiled proposals to change the rules governing how companies handle personal information.

The far-reaching changes may require public and private organisations in all 27 European member states to inform the Information Commissioner within 24 hours of discovering a data breach. If they do not, they could be fined.

In addition to the breach notification rule, Reding has proposed a new “right to be forgotten”, giving customers the right to request details of the information a company holds about them and to have it removed or amended at their request.

Under the proposals, larger companies employing more than 250 people would be required to appoint a privacy officer.

Bruce Green, Chief Operating Officer at web and email security company M86 Security, commented: “The prospect of being fined two per cent of turnover will change the economics of security, because the cost of compliance compared to the financial risk of a breach will now fall firmly in favour of security for global enterprises. This will make information security a discussion for the boardroom, not just the domain of compliance specialists and privacy officers.”

“With the increasingly stealthy tactics employed by cybercriminals and hacktivists, companies are going to be increasingly wary of untoward activity on servers, email and Web channels. We predict that the European directive will drive a new wave of awareness and innovation in information protection and cyber security.”