The Marriott International Inc. data breach may mean significant penalties under the EU’s General Data Protection Regulation.
Companies that experience serious breaches involving EU citizens’ information can be hit with lawsuits and fines of up to four percent of their annual revenue.
The incident “seems likely to be yet another early test case of how aggressive regulators are going to be with GDPR,” Bloomberg Intelligence analyst Tamlin Bason said.
Companies must notify regulators of data breaches within 72 hours of discovering the breach under the GDPR. The U.K.'s data protection authority Nov. 30 said Marriott informed the agency about the ...
Learn more about Bloomberg Law or Log In to keep reading:
Learn About Bloomberg Law
AI-powered legal analytics, workflow tools and premium legal & business news.
Already a subscriber?
Log in to keep reading or access research tools.