France has just announced that any electronic communication service provider operating in France must notify people if they incur a data breach.
Service providers that fail to comply with these new laws could face up to 5 years in prison and a fine of €300,000.
This new law has come in place after a recommendation from the European Union’s ePrivacy Directive (2002). Germany and Spain already have similar laws in place for ISP’s and telcos, but their fixed fines are just €1,000, which is only 0.33% of what France can now fine.
Keeping up to date with different laws within EU countries can be a complicated and time-consuming process. Although most European countries comply with the European Data Protection Directive, each individual country has it’s own laws which must be obeyed.
To gain a thorough understanding of operating within the EU, read Data Protection: A Practical Guide to UK and EU Law, Third Edition. This invaluable handbook offers practical solutions to issues arising in relation to UK and EU data protection laws.