United Kingdom: Adopted ICO statement on data breach notification rule (Regulation 5A PECR)

On 20 January 2023, the Information Commissioner's Office (ICO) published a statement on the obligations of public electronic communications service providers (CSPs) under Regulation 5A of the Privacy and Electronic Communications Regulations 2003 (PECR). Regulation 5A PECR implements the UK GDPR obligations, and it requires CSPs to notify the ICO of any personal data breach within 24 hours. In case of non-compliance, CSPs may be fined GBP 1'000.