Cybersecurity breach notification requirements

The following Information Law practice note provides comprehensive and up-to-date legal information covering:

  • Cybersecurity breach notification requirements
  • Cybersecurity and the law
  • What is cybersecurity and what is a cyber attack?
  • The rising threat of cyber attacks
  • The role of the National Cyber Security Centre (NCSC)
  • Legislative framework and regulatory developments
  • UK regulatory framework—security obligations and breach notification requirements
  • UK GDPR
  • Network and Information Systems Regulations 2018
  • PECR 2003

Coronavirus (COVID-19): The Information Commissioner’s Office (ICO) has stated that it recognises the strain placed on some organisations by the coronavirus pandemic. For guidance on the ICO's advice to organisations and approach to enforcement in connection with the pandemic (including in relation to the reporting of personal data breaches), see Practice Note: The Information Commissioner’s Office (ICO)—Impact of coronavirus (COVID-19) on the ICO’s activities and approach to enforcement.

This Practice Note is intended to provide an overview of the laws and regulations relating to cybersecurity in the UK, with a particular focus on:

  1. the United Kingdom General Data Protection Regulation, Retained Regulation (EU) 2016/679 (UK GDPR)

  2. the Network and Information Systems Regulations 2018 (NIS Regulations), SI 2018/506, which originally implemented the provisions of the EU’s Network and Information Systems Directive (NIS Directive), Directive (EU) 2016/1148, in the UK (when the UK was an EU Member State)

  3. the Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR 2003), SI 2003/2426, which originally implemented the EU’s ePrivacy Directive, Directive 2002/58/EC, in the UK (when the UK was an EU Member State), and

  4. the Financial Services and Markets Act 2000 (FSMA 2000) and the Financial Conduct Authority (FCA) Handbook

These laws and regulations are discussed in the context of:

  1. the entities that are required to comply with such rules

  2. the security obligations

  3. the notification requirements in
