5 Key Differences In EU And US Breach Notification Regimes

By Wim Nauwelaerts, Kim Peretti and Nameir Abbas (December 18, 2020, 4:05 PM EST) -- The state of California passed one of the first breach notification laws in the early 2000s, and since that time every U.S. state has passed some form of breach notification law.

These laws generally require notification to the individuals affected by a data breach as well as potentially a state regulator.

While there are some nuances and key differences, the timing and content of notifications, triggers for reporting, threshold for regulatory reporting and information covered are generally consistent.

On the other hand, the European Union's General Data Protection Regulation became effective in 2018, introducing the EU's first unitary standard for breach...

Stay ahead of the curve

In the legal profession, information is the key to success. You have to know what’s happening with clients, competitors, practice areas, and industries. Law360 provides the intelligence you need to remain an expert and beat the competition.

  • Access to case data within articles (numbers, filings, courts, nature of suit, and more.)
  • Access to attached documents such as briefs, petitions, complaints, decisions, motions, etc.
  • Create custom alerts for specific article and case topics and so much more!


Hello! I'm Law360's automated support bot.

How can I help you today?

For example, you can type:
  • I forgot my password
  • I took a free trial but didn't get a verification email
  • How do I sign up for a newsletter?
Ask a question!