New data breach rules for Telcos and ISPs: Requirements and limitations


On 25 August 2013, a new European Regulation came into effect, changing and expanding the procedure for breach notification laid out in the E-Privacy Directive 2002/58/EC. It applies to “providers of publicly available telecommunications services” (e.g. telecommunication companies, ISPs, email providers, often collectively known as “PECS providers”).

The Regulation outlines two breach notification obligations: (i) to the relevant national authority (which is not necessarily the local data protection authority), and (ii) to affected individuals.

We have created an overview of the new requirements for this regulation as compared to the E-Privacy Directive, and a list of where the notification procedures can be found for each country where we have offices.

Click here to read the report >>