Formal DCMS response awaited by the end of the year on consultation to implement the Cyber Security Directive in the UK

The public consultation issued by the UK Department for Digital, Culture, Media & Sport on implementing the EU Network and Information Security Directive (“Cyber Security Directive”) into national legislation closed on 30 September 2017 (the “Consultation”). The Consultation sets out the UK Government’s planned approach for implementing the Cyber Security Directive, along with a series …

The GDPR: ICO issues draft guidance on data controller and processor liability

In the run-up to the GDPR applying from next year, there has been a variety of practical guidance for compliance at the European level through the Article 29 Working Party (“WP29”) (which reflects the consolidated view of national supervisory data protection authorities in each member state) and at the national level through the UK …

The GDPR: Practical European Guidance on personal data breach notification requirements

The GDPR introduces a new mandatory requirement for all controllers to notify the appropriate data protection authority of a “personal data breach” likely to result in a risk to people’s rights and freedoms, for example following a cyber-attack. This will include providing the regulator with a significant amount of information about the breach and marks …

Cyber insurance requirements in commercial contracts: getting it right

Cyber incidents have the capacity to cause many different types of loss. Insurance coverage exists for at least some aspects of cyber risks in the UK market. However, given the range and diversity of risks that may arise, there are some key issues for businesses to consider when it comes to insurance against cyber risks …