Breaching EU data protection laws could cost businesses up to four per cent of their annual worldwide turnover, reports suggest. Statewatch has seen a leaked document from the presidency of the European Council of Ministers, which says a four per cent cap would apply in data breaches that affect the rights of data subjects, Computing.co.uk reports.
A two per cent cap will remain in place for other types of breaches, such as those in which a data controller fails to comply with an order of the supervisory authority.
Members of the European Parliament had previously expressed support for a cap on fines of around five per cent of a company’s annual turnover. The Council of Ministers, meanwhile, had proposed a tiered system of fines with a two per cent turnover cap in place.
The proposal outlined in the leaked document therefore represents something of a compromise between the two positions and will be considered by the European Parliament and the European Commission before possibly being implemented some time next year.
It is also understood that policymakers will have to look into whether appointing a data protection officer should be mandatory. This is another area where opinion differs, as the Council of Ministers has already stated it does not want the role to be made compulsory. By contrast, MEPs believe a data protection officer should be made mandatory in very specific circumstances.