The Commission's original draft Regulation included explicit support for the work of computer security and incident response teams, recognising that such activities were a legitimate interest that involved processing of personal data.
[this article is based on the draft text published by the European Council on 28th January 2016. Recital and article numbers, at least, will change before the final text]
