ABSTRACT
While security risks have increased with the Internet, security issues are just limited to the organization's Internet. In addition, quite apart from the new general data protection regulation, there is also a new Directive coming that deals specifically with security issues, in addition to the security obligations in the general data protection regulation (GDPR). The Network and Information Security Directive was proposed in 2013 and was significantly advanced by the time of writing. When the personal data breach is likely to result in a high risk to the rights of natural persons, the controller must communicate the personal data breach to the individual data subject without undue delay. Prior to the new GDPR, the UK data protection supervisory authority Information Commissioner's Office, for example, has issued recommendations in relation security issues, namely These now need to be read in light of the GDPR changes, as, indeed, do similar guides elsewhere.
