Overview

It is generally accepted that the personal data protection regime in Europe created by EU Privacy Directive 95/46, and the various national laws implementing the Directive, is one of the strictest in the world. Yet the number of data security breaches (even by heavily regulated companies such as banks and insurers) continues to increase at an alarming rate.

As a result, fines levied by the regulators in respect of such breaches have also significantly increased; for example, a £4 million fine was levied recently against a UK bank. Mandatory notification of all data security breaches was the inevitable next step. The first industry to be subject to this type of EU mandatory reporting requirement was the communications sector. On the 5 November 2009 the EU Parliament and Council of Ministers agreed to pass the first law in Europe as part of the Telecom Package of reforms, providing for the mandatory notification of data security breaches by communication providers, such as telecoms and Internet Service Providers (ISPs).


To read more, click ‘View Briefing’