Legal Guidance and Research / Experts / Joseph Hannify
Joseph Hannify#14429

Joseph Hannify

Trowers & Hamlins LLP
Joe is an Associate in the Commercial Disputes department in Trowers & Hamlins' London office, having successfully completed his training contract with the firm in September 2024.
 
He advises clients across a broad range of industries, in both the public and private sectors, including tech providers, financial institutions, local authorities and healthcare providers. Joe assists clients with an array of contentious matters, including corporate and contractual disputes, enforcing restrictive covenants, handling appeals, data breaches and misuse of private information claims.

Practice Area

Panel

  • Contributing Author

Qualified Year

  • 2024

Experience

  • Home Office (2016 - 2021)
  • Eames Consulting (Recruitment) (2014 - 2016)

Membership

  • Society for Computers & Law
  • London Irish Lawyers Association

Qualifications

  • LLB Law with Criminology (2014)
  • LPC with LLM (2018)

Education

  • University of Ulster (2010 - 2014)
  • University of Law (2016 - 2018)

1 Contributions by Joseph Hannify

UK cybersecurity: security obligations, breach reporting and enforcement under UK GDPR, NIS, PECR, FSMA and PSTIA, with practical incident response guidance and forthcoming reforms
PRACTICE NOTES
UK cybersecurity: security obligations, breach reporting and enforcement under UK GDPR, NIS, PECR, FSMA and PSTIA, with practical incident response guidance and forthcoming reforms
FORTHCOMING CHANGE: On 12 November 2025, the Cyber Security and Resilience (Network and Information Systems) Bill (CSRB) was laid before the House of Commons. The CSRB provides for amendments to the Network and Information Systems Regulations 2018 (SI 2018/506), notably widening their scope to cover data centres, managed service providers and large load controllers, and allowing regulators to identify ‘critical suppliers’. It overhauls incident reporting by creating a two‑stage process—an initial alert within 24 hours followed by a comprehensive report within 72 hours—and enlarges the definition of reportable incidents to capture a wider set of security compromises. The Secretary of State is also granted powers to make regulations concerning the security and resilience of network and information systems, to set a statement of strategic priorities for regulatory authorities, and to publish a code of practice. In addition, the CSRB confers powers to issue directions to regulated persons and regulatory authorities where threats present a risk to national security. To monitor the CSRB’s legislative progress, see Practice Note: The UK NIS Regulations—timeline. This Practice Note outlines the legal framework for cybersecurity—considering the entities that must adhere to those rules, their...
Information Law
Expert page AD
If you expected to see yourself on this page, click here.