ePrivacy Regulation

posted in Backup & Recovery ● 17 Oct 2017

There has been a lot of talk about how to become compliant with data laws and regulations in the coming months, especially around GDPR. However, the European Council has also proposed a second regulation, designed in line with GDPR, to form the two pillars of data protection across Europe. The Regulation on Privacy and Electronic Communications (ePrivacy Regulation) is designed to reinforce trust and security in the Digital Single Market, a sector of the European single market that covers digital marketing, e-commerce and telecommunication.

‘This regulation applies to the processing of electronic communications data carried out in connection with the provision and use of electronic communications services and to information related to the terminal equipment of end-users’

All processors and controllers who look after electronic communications will have to ensure compliance with the regulation, as well as the GDPR. Throughout the regulation there are regular references to the GDPR.

When is the regulation going to take effect?

Despite not being as well known as the GDPR, the date for compliance with the ePrivacy Regulation is the 25th May 2018, the same day as the GDPR. As the regulation has stipulations around the use of electronic communications data created by software applications, software implemented before May will have until August to become compliant.


Key points of the ePrivacy Regulation

The ePrivacy Regulation is being put into place to strengthen the protection that European citizens have. As with the GDPR, there are updated definitions relating to the regulation. These are set out in Article 4 of the regulation, and some of the key ones are:

Electronic Communications Data is defined as electronic communications content and electronic communications metadata.

Electronic Communications content is defined as the content exchanged by means of electronic communications services, such as text, voice, video, image and sound.

Electronic Communications Metadata is defined as data processed in an electronic communications network for the purposes of transmitting, distributing or exchanging electronic communications content.

These new definitions aim to give clarity to the regulation and the data processors and controllers who will have to adhere to it.


One key area under the new regulation is the protection of data and the stance that ‘Electronic Communications data shall be confidential’. This will protect users from having their sensitive data, such as text or email messages, accessed by service providers and other organisations. Article 6 of the regulation sets out the conditions under which the confidentiality of data can be removed; however, the stated reasons for this include the need to have consent from the user. In line with the GDPR, the definition of consent has also been updated.

Consent is defined as any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.


Chapter V: Penalties

Chapter V of the regulation documentation sets out all remedies, liabilities and penalties that can be enforced following a breach in compliance. These include the right to compensation for data subjects. Different articles within the regulation, when breached, carry their own penalties, which are the same as those posed by the GDPR.

The maximum penalty that can be given by the data regulation authority involved is up to €20 million or 4% of global revenue. This penalty can be given should an undertaking (serious data breach) occur or if Articles 5, 6, 7 or 18 are breached.

  • Article 5 is the Confidentiality of Electronic Communications Data.
  • Article 6 is the Permitted processing of Electronic Communications Data.
  • Article 7 is the Storage and erasure of Electronic Communications Data.
  • Article 18 refers to the responsibilities of Independent Supervisory Authorities.

Penalties of €10 million or 2% of global revenue can also be given (Articles 8, 10, 15 and 16), and for some Articles the decision on the penalty imposed falls to the member state.



Redstor have been helping organisations to comply with data protection laws and regulations for almost 20 years. As a specialist in protecting and securing data, Redstor have helped organisations adhere to the Data Protection Act (DPA), the School Financial Value Standards (SFVS) and other industry specific regulations. With the impending General Data Protection Regulation (GDPR), Redstor is committed to helping all organisations comply.
