The joint paper by paper by Beltug and DLA Piper offers a comprehensive overview of the three legislative instruments, plus a more detailed description of the notification requirements under each. And it highlights the ‘interplay’ between the notification obligations, for example when a single cyber or data incident might need to be reported to various authorities because of the requirements in the different legal acts and directives.