Europeans have set high standards for cybersecurity and digital privacy. The General Data Protection Regulation (GDPR), introduced in May 2018, provides new rules to give citizens more control over their personal data, and a competitive edge to compliant business. The National and Information Security (NIS) Directive on the other hand, is the cornerstone of the EU’s cybersecurity architecture. It provides legal measures to boost the overall level of cybersecurity in the EU. The two legislative instruments are strictly intertwined, with the NIS Directive provides legal measures to boost the overall level of cybersecurity in the EU as a necessary complementary set of rules to the GDPR.
A new report from the EC-funded Cyberwatching.eu project offers insight into the supporting role between the regulatory framework that has been implemented within the EU and the market that needs to apply it to the activities it carries out. The document discusses the interplay of the two legal frameworks, in order to state their requirements, and to help the policy-makers understand their intricacies.
The report also looks at the impact of the GDPR on emerging technologies. The broad scope of GDPR has raised fresh challenges, in the face of emerging technologies such as Artificial intelligence (“AI”), IoT and blockchain. Such technologies are now key competitive factors for businesses in boosting performance, productivity and the European Digital Single Market.
AI for example, is component of the future of technology and cyberspace, which can be implemented in the systems, software and devices of different sectors.  From a data protection perspective, AI is typically utilized as a tool for automated decision-making and profiling, by leveraging algorithms to process a large volume of data. The challenges arise where the processing done by the AI is of such nature that it creates significant effects for the data subjects.
The report provides a set of recommendations for European policy makers, drawing on discussions from Europe’s leading cybersecurity and privacy R&I projects at the second cyberwatching.eu Concertation meeting held in June.
Recommendations include a call for greater guidelines on emerging technologies in relation to data protection and data minimization so that companies do not fall foul of the law. Greater funding for more research to provide tools and services to address this and other challenges is also required.
To find out more on this, blockchain and also insurability of GDPR-related risks, then download the report here.
You can also check the recorded webinar video on "GDPR Compliance in the age of emerging technologies".