A data breach at a website used for athletic events in Wales shows why new cyber-security rules are needed, argues our commercial lawyer, Declan Goodwin for the BBC. 

Active Network is used by a number of events including Velothon Wales, the Cardiff Half Marathon and Ironman Wales to process registrations and payments.

The US firm has admitted payment details had been accessed over a nine month period.

New EU rules - along with hefty fines - come into force in May.

The General Data Protection Regulation (GDPR) increases responsibilities on companies and protects EU citizens regardless of where the data is being used.

Read Declan's full comment below.