Member states in December reached an agreement to standardize data protection in the European Union and penalize non-conforming companies, but the agreement is not yet law.
The proposed EU Data Protection Reform bill would create one system to protect data and personal privacy across the union’s member states, and requires companies to explain the changes to their respective customers and notify them when their information has been accessed illegally.
Any company that violates the new data and privacy protection bill faces a fine equal to 4 percent of the global turnover, which could cost some companies hundreds of millions of dollars in the event of a data and privacy breach.
The bill also establishes punishments for companies located outside of the European Union that do business with people located within member states. For the online gaming industry, that means some large operators might find themselves running afoul of the new standards and shelling out hundreds of millions of dollars in fines.
While the proposed data and privacy protection rules might have a significant impact on the online gaming industry, the rules are more than two years away from full implementation.
The European Parliament won’t look at a final draft of the proposed reform measure until early 2016, and then must undergo the legislative process to make it law. Even if enacted, it would take up to two years for the measure to take full effect.