CSIRT-CY
CSIRT — Cyber Incident Response
NIS2 Art. 23 requires essential and important entities to report significant cyber incidents to their national CSIRT.
- Regulation
- NIS2 Directive 2022/2555, Art. 23
- Deadlines
- 24h early warning, 72h notification, 1-month final report
- csirt@dits.dmrid.gov.cy
- Website
- https://csirt.cy/
Office of the Commissioner for Personal Data Protection
Data Protection Authority
GDPR Art. 33 requires notification of personal data breaches to the supervisory authority within 72 hours. Art. 34 may require notification to affected data subjects.
- Regulation
- GDPR (Regulation 2016/679), Art. 33-34
- Deadline
- 72 hours after becoming aware of the breach
CySEC
Financial Supervisory Authority
DORA Art. 19 requires financial entities to report major ICT-related incidents to their competent financial authority.
- Regulation
- DORA (Regulation 2022/2554), Art. 17-19
- Deadline
- 4 business hours for major incidents
- info@cysec.gov.cy
- Website
- https://www.cysec.gov.cy/
Track these deadlines automatically
SiteGuardian pre-fills your reporting contacts, tracks NIS2 and GDPR deadlines, and logs every notification step for audit evidence.
Start monitoring free →