A whitepaper published by the European network and Information Security Agency (ENISA) gives an overview of the legal aspects of cyber security in the European Union (EU). Although, the majority of data breaches do normally make it to the press but there are many breaches which remain either undetected or not reported. EU considers effective legislation is key here and it engaged all Member States to transpose the relevant EU directive into national laws that obliges providers of public communication networks and services to report security incidents to national authorities.
Download ENISA’s whitepaper from here – https://www.enisa.europa.eu/activities/Resilience-and-CIIP/Incidents-reporting/cyber-incident-reporting-in-the-eu/at_download/fullReport