Cybersecurity in the EU - The New Regime under the GDPR and NISD
May 3, 2017
From May 2018, organizations established or providing services in the EU will be subject to new national and EU-wide cybersecurity legislation, as regulators in EU Member States begin to apply both the General Data Protection Regulation and national legislation implementing the Network and Information Security Directive.
These new laws will significantly increase the territorial and sectoral scope of organizations subject to EU cybersecurity obligations and introduce strict data security and breach disclosure obligations with potentially severe penalties for non-compliance.
This tightening of the EU cybersecurity regime coincides with similar developments in other jurisdictions worldwide and reflects a global trend for legislators and regulators to require organizations to observe increasingly stringent cybersecurity practices. This memorandum considers the key components of the new EU laws and outlines a number of recent cybersecurity developments in other key jurisdictions.