European Cyber Privacy Regulations | Brit Insurance

We’ve compiled this information on privacy and cybersecurity legislation in the European Union.

It’s designed as a high-level overview with links to sources for further research. Please read our disclaimer at the bottom of this page.

The EU Charter of Fundamental Rights says that EU citizens have the right to protection of their personal data.

GDPR

EU GDPR is a European Union (EU) law that governs the use, processing, and storage of personal data (information about an identifiable, living person).

Regulation (EU) 2016/679: the regulation entered into force on 24 May 2016 and has applied since 25 May 2018.

GDPR applies to processors of the personal data of EU citizens or residents even if the processors are not in the EU.

There are seven Data Protection Principles, and everything an organisation does must consider data protection “by design and by default”. The fines for violating the GDPR are very high: €20 million or 4% of global revenue (whichever is higher). In addition, data subjects have the right to seek compensation for damages.

All European institutions and bodies have a duty to report certain types of personal data breaches to the European Data Protection Supervisor (EDPS). This must be within 72 hours of becoming aware of the breach, where feasible. 

Cyber Security Legislation

NIS 2 Directive

The Directive on security of network and information systems (NIS Directive) ensures the creation and cooperation of government bodies. This Directive was reviewed at the end of 2020 and, as a result, the NIS2 Directive entered into force on 16 January 2023. Read our article on NIS2.

The Cyber Resilience Act

This is a proposal for regulating cybersecurity requirements for any hardware or software product with digital elements, making them more secure. Read more about the Cyber Resilience Act.  

Cybersecurity Act

The Cybersecurity Act strengthens the role of ENISA (the EU agency that deals with cybersecurity). The agency now has a permanent mandate, and is empowered to contribute to operational cooperation and crisis management across the EU.  

Cyber Solidarity Act

On 18 April 2023, the European Commission proposed the EU Cyber Solidarity Act, to improve the response to cyber threats across the EU. The proposal will include a European Cybersecurity Shield and a comprehensive Cyber Emergency Mechanism to create a better cyber defence method. 

DORA

The Digital Operational Resilience Act (DORA) is an EU regulation that entered into force on 16 January 2023 and applies as of 17 January 2025. 

It aims to strengthen the IT security of financial entities such as banks, insurance companies and investment firms, making sure that the financial sector in Europe can stay resilient in the event of severe operational disruption. 

DORA makes the rules relating to operational resilience for the financial sector more consistent, applying to 20 different types of financial entities and ICT third-party service providers. 

Critical ICT Third Party Providers (CTPPs) to Europe's financial firms will be subject to DORA's requirements as well. Even providers not deemed CTPPs will likely see requirements pushed down the supply chain and built into their contractual relationships with financial firms.

A quick disclaimer about this advice

The information here is not, and doesn’t intend to be, legal advice.

All information, content, and materials are for general information only. The information may not be the most up-to-date, legally or otherwise and may not be exhaustive. This website contains links to other websites – these are for convenience; Brit does not recommend or endorse the contents of the third-party sites.
