GDPR and NIS Directive approach to regulation will lead to the need for more compliance programs. In May 2018 two important legislative project will come to the forefront: The NIS Directive will need to be implemented by Member States by then, while the GDPR will directly be applicable in all Member States. Both laws stress the importance of assessments and systematic analysis of risks. This is best done via compliance programs.
The upcoming NIS Directive combined with the GDPR will change the legal framework in which any company that operates in the EU is acting. Most incidents will have to be assessed and reported, fines might be applied, and this will make cybersecurity plans a priority in terms of technical defenses, dedicated procedures and company culture. Best practices will constantly change and in order to face this ongoing and ever evolving risk companies will have to organize dedicated resources, internal policies and cyber-crisis response teams
The rise of the activists and private enforcement. Once the GDPR is applicable, NGOs and activists are likely to choose targets for strategic privacy law suits. The Austrian Privacy activist Max Schrems' nonprofit NOYB is the first one to emerge, promising to make use of the GDPR's article on collective actions, but more will come.
The GDPR will impact the telecommunications industry less than many others due to its Art 95 stating that in the context of operating telecommunications networks and providing telecommunications services, the current ePrivacy Directive 2002/58/EC remains applicable and takes precedence over the GDPR. At the same time, the EU Lawmakers are working on the proposal of an ePrivacy Regulation with the timeline for completing the legislative process currently open. Some elements of the proposal primarily concerning advertising and online tracking are highly controversial while its provisions for the telecoms sector will probably not bring major changes to the existing legislation. While the regulations is unlikely to become applicable next year, the debate on its controversial suggestions can be expected to become even more heated next year.