Regulations - Coggle Diagram
Regulations
GDPR
If a cyber incident occurs that leads to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of or access to personal data transmitted, stored or otherwise processed, it must be disclosed to the Information Commissioner's Office (ICO) without delay.
If the cybersecurity incident is likely to result in a high risk to the rights and freedoms of natural persons, the GDPR requires the person to notify the affected individuals right away.
The threshold for notification to individuals is therefore higher than that for a notification to the ICO.
If the cybersecurity incident triggers both disclosures, the company will have to ensure that the notifications required by both sets of regulations are released simultaneously.
Market Abuse
Listed companies are required to disclose any incident that was significant enough to be considered price sensitive, i.e. to have a significant effect on the company's share price.
The board, with the assistance of management, will need to ensure that there is a process in place to identify significant breaches and raise them to board level so that this reporting requirement is met.