GDPR and business continuity are undoubtfully connected management domains. Indeed, any adverse event that is dealt with in a business continuity context, can be the cause of a data breach too. Many articles in the GDPR show this relation, like for instance article 32 stating the obligation to manage the availability of personal data.
The legislation mainly applies to “Essential Service Providers” (“ESP’s”) as well as Digital service providers. These service providers (to be designated by the countries’ authorities) will also need to be compliant. Europe is aiming for a high and common level of security of network and information systems for all ESP’s because they are so important for the security and economy of a country.