A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2021; you can also visit the original URL.
The file type is application/pdf
.
Don't tell them now (or at all) – responsible disclosure of security incidents under NIS Directive and GDPR
2021
International review of law computers & technology
In this article, we critically analyse the timeline for notifications of third parties under the NIS Directive and the GDPR in the case of security and privacy incidents from a legal and technical perspective. While a need to mitigate an immediate risk of damage for an individual would call for prompt notification of data subjects, there are scenarios which may justify a delay in communication, for instance where a service provider needs to analyse the current attack to prevent further attacks
doi:10.1080/13600869.2021.1885103
fatcat:d6lqww2cw5gvzex7eqsttwrkju