European Commission hopes legislation update will homogenise policy across the EU.
Tough new rules are set to be brought in to limit the damage caused by data leaks.
The European Commission will today unveil changes to its Data Protection Directive, meaning companies will soon need to change the way they report data breaches.
Vice president of the commission Viviane Reding explained that under the updated rules, businesses that suffer a data leak will be required to inform the data protection authorities and any affected individuals within 24 hours.
As a result of the proposals, international companies may find it easier to understand their obligations as data protection rules will be homogenised across EU nations, Computing.co.uk reported.
This will save firms £1.9 billion a year by lowering administrative costs, the news source said, while businesses will not be allowed to keep hold of an individual’s sensitive information if there is no reason to keep the data on file.
"If an individual no longer wants his personal data to be processed or stored by a data controller, and if there is no legitimate reason for keeping it, the data should be removed from their system," added Ms Reding.
Meanwhile, Reuters reported that the legislation, if passed, would also create a "right to data portability", which would make it easier and faster for customers to transfer their personal information to other organisations and services.
In a speech earlier this week, Ms Reding explained: "Only if consumers trust that their data is protected will they entrust companies with it … We need individuals to be in control of their information.
"In Europe we have too many rules, conflicting rules. The extra cost to business of this fragmentation is 2.3 billion euros a year."
However, firms do not need to start thinking about changing their data protection policies just yet, because the regulations will need to be approved by each EU nation’s government. This could take at least two years to process, Reuters said.