The European Commission announced a data protection bill this week that it hopes will safeguard citizen's online privacy. In what Justice Commissioner Viviane Reding calls a “one stop shop,” the policy would enforce a single set of rules for the entire EU rather than individual rules in each member state.
The plan would require companies with more than 250 employees to hire a data-protection officer to monitor compliance with the new rules and report any serious data breaches to authorities and affected citizens within twenty-four hours. Companies must also adhere to the controversial “right to be forgotten,” which allows people to request data be deleted if there are no grounds for retaining it. Penalties can result in million dollar fines or up to two percent of a company's revenue.
Most start-ups and small businesses with fewer than 250 employees will be exempt from appointing a data protection officer and they won’t be required to produce reports of their data protection policies in most cases. In this public service announcement put out by the European Commission, it likens the lack of online data protection to walking around naked. Wednesday's announcement, however is just the first step in a long process as the proposals must still be approved by E.U. member states and the European Parliament.