The European Court of Justice (ECJ) has made a ruling that could dramatically increase the costs of data compliance for firms.
The court ruled that "data protection legislation of a Member State may be applied to a foreign company which exercises in that State".
Previously firms only had to be compliant with data regulations in member state, but now they will have to be compliant in every EU country in which they operate.
Alexandra Renison, head of Europe and trade and policy told CBR: "Now, if companies have any operations in other EU countries, they will have to be compliant with those regulations in each individual country, and subject to many different Data Protection Authorities..
"You could face suits for having a uniform DP policy that is not necessarily compliant with the regs in other member states."
This will raise the cost of compliance for many multinational firms, she said.
Ashley Winton, UK head of data protection at international law firm Paul Hastings said: "Previously, European laws allowed multinational businesses with operations in Europe to be only subject to the data protection laws of one European country.
"This was to the benefit of many companies, some of whom elected to create an establishment in the UK or Ireland, where data protection laws and practises are more liberal and arguably more business friendly".
The ruling came in the Weltimmo case, which dealt with the issue of whether the Hungarian data protection supervisor has jurisdiction over a website from Slovakia operating in Hungary. However, the ruling could have consequences for Silicon Valley giants who process data in Europe.
