Companies operating in the EU that are currently hiding serious data breaches similar to those that rocked Facebook last month had better disclose them before 25 May, or be prepared to pay serious fines.
On that date, the EU’s new general data protection regulation (GDPR) will come into force. The new EU bill will require that companies that process personal data inform the relevant data protection authority in case of a data breach.
If the compromised personal information is sensitive, companies will need to inform their customers too.
Failure to do so may lead to a fine, which could be up to €10m or two percent of the company’s annual turnover, whichever is higher.
A European Commission official confirmed on Monday (9 April) that data breaches that happened before 25 May, but are kept quiet until after that date, will also be liable for such a fine.