Security players back tougher EU data protection laws


Simon Quicke

Security players have welcomed the moves by the EU to outline plans to strengthen data protection laws with much greater penalties than those that currently exist for those that are careless with user information.

Under plans announced by the European Commission, data breach notification would become mandatory, and those that fail to notify could face fines of up to 2% of revenues.

In the UK, the Information Commissioner's Office has the right to hand out a potential half a million pound fine to those that have been slipshod with data.

Although the legislation is not due to come into effect until two years after it is adopted, and there is a way to go before it is given the green light, those that sell data protection products have already reacted positively to the proposed changes.

"This new law makes it essential for organisations to improve the use of the data generated by their IT systems, in order for any aberrant activity to be more quickly and effectively identified," said Ross Brewer, vice president and managing director for international markets at LogRhythm.

Although he worried about the potential for over-notification, he saw the plus points of making more data protection controls necessary.

Gerald Eschelbeck, Sophos CTO, said that any strengthening of the data laws "has to be a positive" and that Sophos would be updating its resellers and customers about the proposed changes.

"Broadly, regulatory changes have had a positive impact on information security, driving better security architectures, and therefore improving protection of customer data," he added.

