I have just published here the third and last article of my short series on the EU General Data Protection Regulation 2016/679 (GDPR) for IT.
In this final article I discuss a few points about the management of data breaches and the IT measures required to satisfy citizens’ rights over their personal data managed by IT systems.
I have just published here the second article of my short series on the EU General Data Protection Regulation 2016/679 (GDPR) for IT.
In this article I discuss a few points about the risk-based approach requested by the GDPR which introduces the Data Protection Impact Assessment (DPIA), and a few IT security measures which should often be useful to mitigate risks to the personal data.
I have just published here the first article of a short series in which I consider some aspects of the requirements on IT systems and services due to the EU General Data Protection Regulation 2016/679 (GDPR).
I started to write these articles in an effort, first of all for myself, to understand what the GDPR actually requires from IT, which areas of IT can be impacted by it and how IT can help companies in implementing GDPR compliance. Obviously my main interest is in understanding which IT security measures are most effective in protecting GDPR data and what the interrelation between IT security and GDPR compliance is.
A few days ago the European Parliament adopted the “Network and Information Security (NIS)” Directive (PE-CONS 26/16 Lex 1683). Together with the recently approved “General Data Protection Regulation”, it could provide the EU marketplace with strong incentives to dramatically enlarge and improve the approach to IT and/or Cyber Security.
For both regulations the timeframe is probably long, at least 2 years, most probably 4, so we should understand the effects of these new regulations likely by 2020. Still, the entire ecosystem of IT and/or Cyber Security can only benefit from this interest “from the top”.