Businesses will have to report major data breaches within 24 hours under new EC law
Businesses will have to report major data breaches within 24 hours under new EC law

Businesses across the European Union (EU) will have to report ‘major' data breaches within 24 hours.

Speaking at the launch of the Data Protection Directive for the EU, Viviane Reding, vice-president of the European Commission in charge of justice, fundamental rights and citizenship, said it was launching a single set of rules on data protection that would be valid across the EU's 27 member states and would be "one data protection authority for one company" and "one authorisation for the whole of the EU".

With regards to business, Reding said the "scandal" of data breaches will be ameliorated, with victims "informed as soon as possible, within 24 hours on major breaches", although she failed to declare how a major breach would be determined.

She added that SMEs will be exempt from employing a data protection officer internally, the concept of which was revealed by SC Magazine last year.

There was also a focus on the need for personal data to be controlled by individuals, with Reding saying that the EU's 500 million citizens will see immediate benefits, with an increase in trust about what is being done with their data.

She said "personal data belongs to the person" and that often, users were not aware of the privacy policies on social networking sites, or how their data was used when they visited a search engine.

“The right to be forgotten is the right of the person, you can give your data to a company and be able to take it back and give it to another company, or take it back and keep it. A company has to prove that they need it, so the burden of proof is on company and not on the individual,” said Reding.

Reding cited the case of an Austrian student who struggled to retrieve data from Facebook, which is based in Ireland. “In the future the student would go to the Austrian regulator and ask them to solve the problem, so it is a one-stop shop for the citizen,” she said.

Reding concluded by saying: “This is fit for the digital age and for new technologies and services and will make Europe a standard-setter for the digital market and data protection. This is a crucial piece of legislation.”