Photo of Thomas Kopp

Thomas Kopp’s practice focuses on financial institutions, corporate and sovereign clients and covers a broad range of practice areas, including corporate governance, regulatory compliance and enforcement, capital markets, mergers and acquisitions, and dispute resolution, in a post-transactional context or otherwise.

From May 2018, organizations established or providing services in the EU will be subject to new national and EU-wide cybersecurity legislation, as regulators in EU Member States begin to apply both the General Data Protection Regulation and national legislation implementing the Network and Information Security Directive.

These new laws will significantly increase the territorial and sectoral scope of organizations subject to EU cybersecurity obligations and introduce strict data security and breach disclosure obligations with potentially severe penalties for non-compliance.

This tightening of the EU cybersecurity regime coincides with similar developments in other jurisdictions worldwide and reflects a global trend for legislators and regulators to require organizations to observe increasingly stringent cybersecurity practices.  This memorandum considers the key components of the new EU laws and outlines a number of recent cybersecurity developments in other key jurisdictions.

Click here, to continue reading.