Enterprises: New European Data Laws Are Unreasonable
Topic: Data Loss Prevention
The European Commission recently unveiled an elaborate proposal for new data protection legislation that would apply to organizations throughout the European Union's 27 member states. However, some businesses say certain provisions would be nearly impossible to comply with.
According to a CSO report, several companies believe it will be difficult to notify authorities of a serious data breach within 24 hours, one of the many requirements in the EC's proposal.
"Mandatory reporting of data breaches within 24 hours will be difficult, if not impossible, to comply with," Bridget Treacy, a partner at law firm Hunton & Williams, told the source.
Ross Brewer, VP and managing director for international markets at LogRhythm, told CSO the main problem is many companies don't have systems capable of detecting a breach in that time frame.
"Unfortunately, all too often [data generated by organisations' IT systems] is managed in an inefficient and disparate manner," Brewer said. "This can lead to inaccurate data breach notifications being issued. Many companies have found themselves forced into issuing blanket breach notifications, which may even overstate the severity of the incident, due to a lack of visibility within their IT systems."
Many companies have called the proposed legislation "aggressive," and under its terms enterprises that breach its rules could be fined up to 2 percent of their annual global turnover. One expert told the source that a fine of that size could force executives to make improving their business's data security a top priority.
It is debatable whether the EC's data protection rules are reasonable, but businesses should still work to strengthen their data protection efforts. In a recent Forbes blog post, expert Vince Plaza said the gateway layer and the endpoint are among the most important areas for most enterprises to improve, as they are often the most vulnerable.