EU Breach Notification Requirements Under the GDPR and NIS Directive: Are You Ready?

October.19.2016

Data breach notification requirements are going global. By spring 2018, companies operating in the European Union must comply with the new General Data Protection Regulation’s (GDPR) data breach notification requirements and the Network and Information Security (NIS) Directive’s security incident notification requirements. Stricter and more far-reaching notification obligations underscore the importance of establishing a proactive Security Incident Response Policy to analyze potential legal obligations and prepare to respond to incidents long before they occur.

To help you prepare to comply with these new requirements, Orrick Data Privacy lawyer Emily Tabatabai teamed up with Palo Alto Networks to offer a free webinar highlighting the key security incident notification requirements under both the GDPR and NIS Directive.

What you’ll learn from the webinar:

Who is subject to these laws?
What are the requirements and the deadlines under each law?
What are the thresholds for notification, and who needs to be notified?
How do these obligations compare to those already in place in the U.S.?
What are the legal consequences of non-compliance?
How should companies prepare to meet their oncoming obligations?

To listen to the Webinar and see the slide deck, please visit “Are you ready for the notification requirements of upcoming EU Legislation?”

Authors

Emily S. Tabatabai Partner, Cyber, Privacy & Data Innovation, Technology Companies Group

Washington, D.C.; Houston

See my bio

D:+1 202 339 8698
E: [email protected]

Practice:

Technology & Innovation Sector
Cyber, Privacy & Data Innovation
Technology Companies Group
Internet of Things
Strategic Advisory & Government Enforcement (SAGE)

vCard

See full bio

Emily S. Tabatabai Partner

Washington, D.C.; Houston

Emily provides strategic counseling and advice on privacy, consumer protection and online safety matters to clients across industries, including retail, ecommerce, mobile apps, gaming, social media, advertising technology (adtech), financial services, education, business services and technology. She also represents clients subject to regulatory investigations, including before the FTC and States Attorneys General, Congressional committees and other regulatory agencies and groups.

Emily provides proactive compliance guidance, and regulatory investigation defense, on a variety of privacy and consumer protection laws, including:

U.S. state privacy laws in California, Colorado, Connecticut, Utah and Virginia (CCPA, CPRA, CPA, CTDPA, UCPA, VCDPA)
Children’s Online Privacy Protection Act (COPPA)
Online safety laws for kids and teens, including California Age-Appropriate Design Code Act (AADC), Utah Social Media Regulation Act and others
Section 5 of the Federal Trade Commission Act (FTC Act) and state unfair and deceptive acts and practices (UDAP) laws
Family Educational Rights and Privacy Act (FERPA)
California’s Student Online Personal Information Protection Act (SOPIPA), New York’s Education Law 2-d and other state student data privacy laws
Illinois’ Biometric Information Privacy Act (BIPA) and other biometric privacy laws
Washington My Health My Data Act and other state health privacy laws
Fair Credit Reporting Act (FCRA)
Gramm-Leach-Bliley Act (GLBA)
Telephone Consumer Protection Act (TCPA)
Telemarketing Sales Rule (TSR)
Restore Online Shoppers’ Confidence Act (ROSCA)

Emily is a frequent speaker on data privacy matters, with a particular focus on children’s privacy (COPPA), student data privacy and EdTech and online safety laws for kids and teens. She has been featured as an “Up and Coming” Privacy & Data Security attorney by Chambers USA and Chambers Global. Clients tell Chambers, “She’s been an excellent partner. She has a very good understanding of the practical realities of implementing privacy policies for large companies.” Citing her expertise in the field of educational privacy, student data and EdTech matters, Chambers reports that clients regard her as “very knowledgeable and truly an expert in this space,” with some saying, “On the student data side, she is unmatched,” and The Legal 500 notes that Emily “is the first port of call for child- and student-directed service providers for compliance advice with COPPA, SOPIPA and CalOPPA regulations.”

Emily also has an active consumer protection practice, focused on marketing and promotional issues. She counsels clients on advertisements and endorsements, retail sales and e-commerce, advertising substantiation, SMS and telemarketing, social media and online advertising.