To make sure that data breaches (e.g. stolen, lost or unauthorised access to data) are reported in a consistent manner across the EU, the revised ePrivacy Directive (2002/58/EC) allows the European Commission to propose technical implementing measures with regard to the notification procedures. For example, when a personal data breach occurs, the provider must report the breach to a specific national authority, usually the data protection authority or the communications regulator. Also, the provider has to inform the subscriber if there is a risk to the security of personal data or privacy. The Commission wishes to engage with all relevant stakeholders – such as telecoms operators, internet service providers, Member States, data protection authorities, national regulatory authorities and consumer organisations – in a public consultation process in order to gather practical input based on existing practice and experience.
Click here for more information.