Cybersecurity breach notification requirements


Produced in partnership with Charlotte Clayson of Trowers & Hamlins and Elizabeth Mulley of Trowers & Hamlins
Practice notes

Cybersecurity breach notification requirements


Produced in partnership with Charlotte Clayson of Trowers & Hamlins and Elizabeth Mulley of Trowers & Hamlins

Practice notes
imgtext

This Practice Note provides an overview of the laws and regulations relating to cybersecurity鈥攅xamining the entities that are required to comply with such rules, their security obligations, the notification Requirements in the event of a breach, and the consequences of failing to comply. It also contains practical guidance on what it takes to be cybersecurity breach ready and managing a cyber attack.

This Practice Note is intended to provide an overview of the laws and regulations relating to cybersecurity in the UK, with a particular focus on:

  1. the United Kingdom General Data protection Regulation, Assimilated Regulation (EU) 2016/679 (the UK GDPR), which was originally based on equivalent EU laws (the EU GDPR)

  2. the Network and Information Systems Regulations 2018 (NIS Regulations), SI 2018/506 which originally implemented the provisions of the EU鈥檚 Network and Information Systems Directive (NIS Directive), Directive (EU) 2016/1148 in the UK (when the UK was an EU Member State)

  3. the Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR 2003), SI 2003/2426

Charlotte Clayson
Charlotte Clayson

Trowers & Hamlins LLP

Charlotte is a Partner in Trowers & Hamlins' Dispute Resolution and Litigation team, focusing on complex and high value commercial and public law disputes. Charlotte is also a specialist in Information Law, focusing on contentious data issues, cyber attacks and Freedom of Information issues.
 
Charlotte's commercial litigation experience includes the full range of contractual and commercial disputes and urgent injunctive relief, shareholder disputes, warranty and indemnity claims and sensitive investigatory work.
 
Charlotte has significant experience dealing with disputes in the public sector, including judicial review, planning appeals, contentious procurement, and claims for breach of statutory duties such as the Equality Act 2010 and the Care Act 2014).
 
Charlotte's expertise in Information Law includes preparing for data privacy breaches and cyber attacks, advising on crisis response, risk mitigation and breach investigation, notifications to and liaison with regulators, customers and stakeholders, and subsequent litigation. Charlotte also regularly advises clients on a range of complex Freedom of Information and Environmental Information issues, including making representations to the regulator and providing representation at Tribunal stage.
 

Read moreRead more
Elizabeth Mulley
Elizabeth Mulley

Solicitor, Trowers & Hamlins LLP

Elizabeth is a Senior Associate in Trowers & Hamlins' Dispute Resolution and Litigation department, focusing on complex and high value commercial disputes with particular expertise in fraud disputes and investigations and cyber security breaches.

Elizabeth's expertise in fraud includes securing freezing injunctions both within the English jurisdiction and worldwide and tracing assets and the proceeds of fraud on a global scale. She is also experienced in assisting clients with internal fraud investigations as well as conducting extensive external fraud investigations for clients following complaints reported by whistleblowers. 

Elizabeth also assists clients to prepare for and navigate cyber security breaches if they fall victim. In connection with this, she also advises her clients on their compliance issues and steps to take to prevent fraud and cyber breaches including preparing full suites of financial crime policies and providing training to clients on the same.

Elizabeth acts for both private and public sector clients across a breadth of industry sectors in relation to national and international disputes including acting for businesses, charities, councils, housing associations, government bodies and private individuals.

Read moreRead more
Powered by Lexis+
Jurisdiction(s):
United Kingdom
Related legal acts:
Key definition:
Requirements definition
What does Requirements mean?

A DCO should include 鈥淩equirements鈥 to which the development authorised by the DCO is to be subject. Similar to planning conditions, a requirement specifies the matters for which detailed approval needs to be obtained before the development can be lawfully begin.

Read more readmore

Popular documents

Cybersecurity breach notification requirements

Cybersecurity breach notification requirementsSTOP PRESS鈥擨mpact of the Retained EU Law (Revocation and Reform) Act 2023: This document contains references to retained EU law (REUL) and associated terms introduced by the European Union (Withdrawal) Act 2018 in connection with Brexit. From 1 January

Micklefield clauses

Micklefield clausesWhat is a Micklefield clause?It is common for employee share plans to provide that, on termination of employment (or when an employee is given or receives notice of termination of employment), subsisting share awards will be forfeited and subsisting share options will lapse.It is

What is the difference between an appeal and a review?

What is the difference between an appeal and a review?What is an appeal?An appeal in insolvency proceedings is no different to an appeal in normal litigation. An appeal will be allowed only if the appeal court is satisfied that the decision of the lower court was 'wrong' or 'unjust because of a

Late payment penalties鈥攊nheritance tax

Late payment penalties鈥攊nheritance taxWhile interest often accrues on overdue tax, the late payment of certain taxes may also attract a penalty. For information on the interest accruing on overdue tax, see Practice Notes: IHT鈥攑ayment deadlines on death鈥擨nterest on IHT and Interest on late paid