Cloud Backup

We`re just sending through your details

Please give us a few moments whilst we get your account ready.


ePrivacy Regulation

ePrivacy Regulation

posted in Backup & RecoveryBackup & Recovery ● 29 Nov 2016

There has been a lot of talk about how to become compliant with data laws and regulations in the coming months, especially around GDPR. However, the European Council has also proposed a second regulation designed in line with GDPR to form the two pillars of data protection across Europe. The Regulation on Privacy and Electronic Communications (ePrivacy Regulation), is designed to reinforce trust in and security in the Digital Single Market, a sector of the European single market that covers digital marketing, E-commerce and telecommunication.

‘This regulation applies to the processing of electronic communications data carried out in connection with the provision and use of electronic communications services and to information related to the terminal equipment of end-users’

All processors and controllers who look after electronic communications will have to ensure compliance with the regulation, as well as the GDPR. Throughout the regulation there are regular references to the GDPR.

When is the regulation going to take effect?

Despite not being as well known as the GDPR, the date for compliance with the ePrivacy Regulation is the 25th May 2018, the same day as the GDPR. As the regulation has stipulations around the use of electronic communications data created by software applications, software implemented before May will have until August to become compliant.


Key points of the ePrivacy Regulation

The ePrivacy Regulation is being put into place to strengthen the protection that European citizens have. As with the GDPR, there are updated definitions relating to the regulation, these are set out in Article 4 of the regulation, some of the key ones are:

Electronic Communications Data is defined as electronic communications content and electronic communications metadata.

Electronic Communications content is defined as the content exchanged by means of electronic communications services, such as text, voice, video, image and sound.

Electronic Communications Metadata is defined as data processed in an electronic communications network for the purposes of transmitting, distributing or exchanging electronic communications content.

These new definitions aim to give clarity to the regulation and the data processors and controllers who will have to adhere to it.


One key area under the new regulation is the protection of data and the stance that ‘Electronic Communications data shall be confidential’. This will protect users from having their sensitive data such as text or email messages from being accessed by service providers and other organisations. Article 6 under the regulation sets out the conditions for the confidentiality of data to be removed, however the stated reasons for this include the need to have consent from the user. In line with the GDPR the definition for consent has also been updated.

Consent is defined as any freely given, specific, informed and unambiguous indication of the data subjects wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.


Chapter V: Penalties

Chapter V of the regulation documentation sets out all remedies, liabilities and penalties that can be enforced following a breach in compliance. These include the right to compensation for data-subjects. Different articles within the regulation, when breached, carry their own penalties, penalties which are the same as those posed by the GDPR.

The maximum penalty that can be given by the data regulation authority involved is up to €20million or 4% of global revenue. This penalty can be given should an undertaking (serious data breach) occur or if Articles 5, 6, 7 or 18 be breached.

  • Article 5 is the Confidentiality of Electronic Communications Data.
  • Article 6 is the Permitted processing of Electronic Communications Data.
  • Article 7 is the Storage and erasure of Electronic Communications Data.
  • Article 18 refers to the responsibilities of Independent Supervisory Authorities.

Penalties of €10million or 2% of global revenue can also be given (A8, A10, A15, A16) and for some Articles the decision of the penalty imposed falls to the member state.



Redstor have been helping organisations to comply with data protection laws and regulations for almost 20 years. As a specialist in protecting and securing data, Redstor have helped organisations adhere to the Data Protection Act (DPA), the School Financial Value Standards (SFVS) and other industry specific regulations. With the impending General Data Protection Regulation (GDPR), Redstor is committed to helping all organisations comply.

Cyber-attack on The Works is a warning to others

The recent cyber-attack on discount retailer The Works, emphasises the need for organisations of all sizes to invest in ransomware prevention measures.

Continue reading

Redstor Appoints Channel Leader Mike Hanauer as CRO to Spearhead Global Sales Expansion

Reading, April 28, 2022 – Redstor, the cloud-first backup platform of choice for MSPs, today announced the appointment of accomplished channel sales executive Mike Hanauer in a newly created role of Chief Revenue Officer (CRO). Known across the market for his revenue-generating successes with top data protection, recovery and security companies, Hanauer will spearhead global expansion plans for Redstor’s category-leading SaaS platform.

Continue reading

What is the Digital Operational Resilience Act?

The Digital Operations Resilience Act (DORA) is the European Union’s attempt to streamline the third-party risk management process across financial institutions.

Continue reading

Download The Ultimate MSP Growth Guide

  • This field is for validation purposes and should be left unchanged.