Violating new European Union data privacy rules could cost companies millions

Online gambling operators could face massive fines if they violate the European Union’s new data protection and privacy law.

On Tuesday, the European Commission announced that its member states had finally reached agreement on the final draft of the EU Data Protection Reform. The agreement will ensure a uniform data protection and privacy system across the continent but also contains harsh penalties for companies who fail to observe its rules.

The Reform consists of two instruments. The General Data Protection Regulation will require companies to (among other things) better explain to individuals how their data is being used as well as notifying consumers when their data has been hacked (and not waiting six years to do so). The Data Protection Directive will give law enforcement better cross-border cooperation in combatting crime.

Among the Reform’s most significant provisions are the potential penalties for companies who fail to abide by the new rules. The maximum corporate fine for violating user privacy is 4% of a company’s worldwide revenue, which could total tens of millions of dollars for some online gambling companies – particularly the new behemoths – while a technology giant like Google could theoretically be looking at fines in the billions.