How to Avoid Making News in Europe for a Data Breach

How to Avoid Making News in Europe for a Data Breach

Blog WilmerHale Privacy and Cybersecurity Law

Until recently, cybersecurity rules in the EU have by and large been governed by a patchwork of national laws containing cybersecurity requirements applied by different EU member countries. That is changing, with cybersecurity now being addressed more systematically at the EU level, as illustrated by the recent entry into force of the EU General Data Protection Regulation (“GDPR”). EU rules in some cases harmonize national rules and in other cases provide an overlay on top of them. It is up to EU member countries to designate which regulator (national competent authority) deals with cybersecurity rules. This may vary, depending on the specific rules at issue. The designated authority could be a communications regulator, a data protection authority, or a cybersecurity agency.

While most companies have focused their attention on the GDPR, the regulatory framework at the EU level is composed of several different regulations or directives with differing goals and varying scope:

  • The GDPR imposes cybersecurity obligations on all companies that process personal data.
  • The ePrivacy Directive currently complements the GDPR and provides more specific rules that apply to providers of electronic communications services.
  • The planned ePrivacy Regulation, which will replace the ePrivacy Directive once it is finalized and adopted, would no longer contain such rules, since they have been moved to a proposed directive intended to establish a European Electronic Communications Code (“EECC”). A separate directive on network and information systems security (“NIS Directive”) applies to critical infrastructure in specific sectors. The EECC and the NIS Directive cover processing activities generally, not just those involving personal data.
  • Finally, the Cybersecurity Act refines the institutional framework for safeguarding cybersecurity in the EU.

We discuss each of these legislative measures in our “8-in-8 Recent Trends in European Law and Policy Alert Series: Cybersecurity and the EU: How to avoid making news in Europe for a data breach?” client alert.

More from this series


Sofern Sie nicht bereits Mandant von WilmerHale sind, folgen Sie bitte diesem Link und lesen Sie den Disclaimer, bevor Sie per E-mail (oder auf andere Weise) mit WilmerHale in Kontakt treten. (Sie können den Disclaimer auch von der Eingangsseite dieser Website aus aufrufen). Wie darin ausgeführt, sollten Sie uns keine vertraulichen Informationen über eine Rechtsangelegenheit übermitteln, bevor Sie von uns eine schriftliche Bestätigung darüber erhalten haben, dass wir Sie in dieser Angelegenheit vertreten werden (Mandatsvereinbarung). Sobald wir es übernommen haben, Sie in einer Sache zu vertreten, können vertrauliche Informationen frei zwischen uns ausgetauscht werden.

Vielen Dank für Ihr Interesse an WilmerHale.