Dealing with data security breaches — the future

In January 2012, the European Commission unveiled its draft data protection Regulation (Regulation), intended to update and harmonise EU data protection law. Eighteen months later, the draft is still being hotly debated, with the European Parliament currently considering more than 3000 suggested amendments to it. The Regulation has been described as the most lobbied legislation in EU history, and few issues have caused more consternation than the proposals around dealing with data security breaches.

Under the Regulation there would be mandatory reporting of data security breaches. Organisations would have to inform the relevant data protection authority (DPA) of a breach ‘without undue delay and, where feasible, not later than 24 hours of becoming aware of it’. In addition, they would then have to inform data subjects ‘without undue delay’ unless the relevant data protection authority were satisfied that the data was sufficiently protected from being accessed by an unauthorised user, for example, by encryption. Data processors would be subject to the still more onerous requirement to inform data controllers ‘immediately’ of any data security breach.

Most obviously, in the current draft there are no exceptions to the requirement to notify data security breaches to DPAs. This means that every security breach, no matter how insignificant, will, in theory, have to be reported. Not only would this place a huge administrative burden on organisations, but the EU also does not appear to have thought about how DPAs would process, much less act on, this information. In addition, in order to comply with the time frames, data controllers are likely to have to provide incomplete notifications to be supplemented at a later date, thereby adding to the administrative burden for all concerned…

If you are registered and logged in to the site, click on the link below to read the rest of the Taylor Wessing briefing. If not, please register or sign in with your details below.
