The EU is finalising legislation, requiring online businesses and organisations with online operations to report data and security breaches. The data breach notification requirement has been prepared for a while and similar measures exist for telecom since 2009. By taking the notification rules a – big – step further, the EU is including various online platforms where personal data are stored and used intensively.
The directive can touch many businesses and it goes beyond the expectations many in the industry that it would mainly cover organisations in industries such as finance. However, now social networks, e-commerce platforms, online banking systems, SaaS solutions (CRM, marketing, file sharing, etc.) and transactional platforms can all be affected. [Read more...]