New Research Article published: Don’t tell them now (or at all) – responsible disclosure of security incidents under NIS Directive and GDPR

In this article, we critically analyse the timeline for notifications of third parties under the NIS Directive and the GDPR in the case of security and privacy incidents from a legal and technical perspective. While a need to mitigate an immediate risk of damage for an individual would call for prompt notification of data subjects, … Continued