Technology companies could face fines of up to 4% of their global annual turnover under new European rules on data protection.
The move marks the biggest shake-up to privacy regulation for 20 years, according to experts.
A “strong compromise” on how to ensure a high level of data protection across the EU was agreed by Parliament and Council negotiators this week.
The new rules, which will force companies to pay 4% of their global turnover in fines if they breach the European Union’s data protection regulations, have today been formally agreed.
The legislation will create a uniform set of rules across the EU “fit for the digital era,” said the EU in a press release.
It said they should also improve legal certainty and boost trust in the digital single market for citizens and businesses.
“The new rules will give users back the right to decide on their own private data”, said Parliament’s lead MEP on the regulation, Jan Philipp Albrecht.
Following this political agreement reached in trilogue, the final texts will be formally adopted by the European Parliament and Council at the beginning of 2016. The new rules will become applicable two years thereafter.
The new draft policy, in discussion since 2012, will need to be ratified by the European Parliament next year.
Other changes include:
Jan Philipp Albrecht, chief negotiator, said of the deal: “This would be a major step forward for consumer protection and competition and ensure Europe has data protection rules that are fit for purpose in the digital age.”
Stewart Room, head of data privacy at PwC, said: “The scale and breadth of the EU’s changes to privacy rules will deliver unprecedented challenges for business and every entity that holds or uses European personal data both inside and outside the EU.
“Most companies will be shocked at the scale of the new rules and the work that needs to be done before the laws take effect in two years – it is not much time for the magnitude of the internal changes that will be required.”