Data breach notifications were firstly introduced in 2009 by means of amendments to the E-Privacy Directive, where such data breaches occurred in connection with the provision of publicly available electronic communications service. Further on, GDPR extended data breach notification obligation to all industries. The initial scope was to have a single notification regime, as E-Privacy Directive was intended to be replaced by E-Privacy Regulation, when GDPR became applicable. Since E-Privacy Regulation has a long way until entering into force, an electronic communications provider has difficulties in navigating through two regulatory regimes when it comes to data breach notifications. The complete article is available here.