Cybersecurity breach notification requirements
Produced in partnership with Chris Benn of Fieldfisher and Nicola Fulford of Hogan Lovells
Cybersecurity breach notification requirements

The following Information Law practice note produced in partnership with Chris Benn of Fieldfisher and Nicola Fulford of Hogan Lovells provides comprehensive and up to date legal information covering:

  • Cybersecurity breach notification requirements
  • Cybersecurity and the law
  • What is cybersecurity and what is a cyber attack?
  • The rising threat of cyber attacks
  • Legislative framework and regulatory developments
  • EU regulatory framework—security obligations and breach notification requirements
  • General Data Protection Regulation
  • UK regulatory framework—security obligations and breach notification requirements
  • Network and Information Systems Regulations 2018
  • Privacy and Electronic Communications (EC Directive) Regulations 2003
  • More...

IP COMPLETION DAY: 11pm (GMT) on 31 December 2020 marks the end of the Brexit transition/implementation period entered into following the UK’s withdrawal from the EU. At this point in time (referred to in UK law as ‘IP completion day’), key transitional arrangements come to an end and significant changes begin to take effect across the UK’s legal regime. This document contains guidance on subjects impacted by these changes. Before continuing your research, see Practice Note: What does IP completion day mean for Information Law?

STOP PRESS: This Practice Note will be updated shortly to reflect the European Data Protection Board (EDPB’s) Guidelines 01/2021 on Examples regarding Data Breach Notification published in January 2021. Meanwhile see LNB News 18/01/2021 93.

Brexit: On 31 January 2020, the UK ceased to be an EU Member State and entered an implementation period, during which it continues to be subject to EU laws, including those relating to cybersecurity and data protection. During this period, the UK generally continues to be treated as an EU (and EEA) state for EU and UK data protection law and cybersecurity purposes. Any references to EEA or EU states in this Practice Note should therefore be read to also include the UK until the end of the implementation period. For further guidance on that period, its duration and the data protection and cybersecurity laws that

Popular documents