The EU is expected to approve a new personal data protection law replacing a set of 28 different laws of individual member states.
The new law, which will require companies to report breaches to authorities within 72 hours or face hefty fines, will also give regulators greater enforcement powers.
The current set of European laws, dating back to the 1990s, allows authorities in most countries to impose only fines that are negligible compared to the revenues of the companies involved. In some countries, no fines can be applied at all.
The new law, if passed, may allow regulators to demand that companies in breach of the law pay up to 4 or 5 per cent of their global revenues, providing a much stronger lever for making them pay attention to data privacy issues.
"It is believed that many breached organisations are not currently disclosing breaches so the new directive will force the hand of organisations," said Jeremy King, international director at payments security trade group PCI Security Standards Council.
Experts have warned that major data breaches in Europe may be left unreported, putting consumers and businesses at risk, due to outdated regulations.
Even though most of the recent major reported data theft scandals have taken place in the USA, it's been suggested that the situation in Europe might be just as grim – the only difference being that no one knows about it.
In addition to increased fines, the new law will make companies accountable to only one regulator in Europe, in the country where they have their European headquarters.
Currently, global companies such as Google or Facebook have to deal separately with regulators in every country where they operate. Recently, Facebook has had a problem with the Belgian Privacy Commission, which sued the internet giant over privacy breaches. Facebook argued it should only be regulated by the authority in Ireland, where it has its European headquarters.