Legal Tips



Cybersecurity & Privacy Legal Tips

A clear understanding of cybersecurity legal issues is essential for anyone working in the area. Our Legal Tips section keeps you updated on all legal news on cybersecurity and privacy issues!

GDPR & NIS Directive

cyberwatching.eu raises awareness of the two major legislative tools that are having a major impact on the EU cybersecurity landscape: the GDPR (Regulation 679/2016 on the protection of personal data), which becomes effective on 28 May 2018; and the NIS Directive (Directive 2016/1148 concerning measures for a high common level of security of network and information systems across the Union), which will be transposed by Member States by the 9th of May 2018. These two legislative instruments are strictly intertwined, with the NIS Directive referring to the applicable data protection law as a necessary complementary set of rules.

How cyberwatching.eu helps

In addition to our regularly updated news below, we'll also be publishing a series of recommendation documents. These will help organisations understand the interplay of the two legal frameworks, clarify their intricacies, and resolve potential conflicts of interpretation. They will also enable R&I projects focussed on privacy and cybersecurity to participate effectively in the policy-making debate on these matters over the next two years, both at national and EU level. The project will therefore focus on the following activities:
•    Monitoring of the regulatory framework;
•    Understanding the legal complexity of the regulatory framework;
•    Drafting a list of policy issues to be solved at EU and/or national level;
•    Supporting R&I teams and proactively proposing areas of research and policy solutions

Our legal experts from ICT Legal Consulting are here to guide you through the most common and important terms. 

 

Source: ICT Legal Consulting

 

The European Centre on Privacy and Cybersecurity (ECPC) is inviting applications to fill the position of Senior Lecturer/Assistant Professor, starting 1 April 2022.

28 January was Data Protection Day, an annual celebration of privacy and data protection commemorating the date that Convention 108 of the Council of Europe was first opened for signature.

On 16 March the Chair of the European Data Protection Board (EDPB) Andrea Jelinek released a statement to help guide the data processing activities of public authorities, governments, and private organizations within the context of the COVID-19 pandemic.

The GDPR Temperature tool will help SMEs understand where they stand with respect to the GDPR in terms of risk of sanctions. The tool consists of questions about data processing activities and provides an indication of the company’s risk of sanctions, with corresponding actionable recommendations coming directly from ICT Legal Consulting, a law firm with plenty of expertise in the area.

On November 13th the Italian Parliament finally approved Law Decree No. 105/2019, which significantly extends the scope of application of the Italian “golden powers” regulations, amending Law Decree No. 21/2012.

Europeans have set high standards for cybersecurity and digital privacy. The General Data Protection Regulation (GDPR), introduced in May 2018, provides new rules to give citizens more control over their personal data, and a competitive edge to compliant businesses. The National and Information Security (NIS) Directive, on the other hand, is the cornerstone of the EU’s cybersecurity architecture. It provides legal measures to boost the overall level of cybersecurity in the EU.

The European Union Agency for Fundamental Rights has released the updated 2018 edition of the “Handbook on European data protection law”.

On 29 December the Italian Budget Law for 2018 was published in the Italian Official Journal. The law in question, which is probably one of the most relevant laws issued at the end of each year in Italy, contains some provisions that impact key elements of the forthcoming EU data protection framework – Regulation EU 2016/679 (“GDPR”).

Under Article 28 of the General Data Protection Regulation (“GDPR”), controllers must only appoint processors who can provide “sufficient guarantees” to meet the requirements of the GDPR. Processors must only act on the documented instructions of the controller. They can be held directly responsible for non-compliance with the GDPR obligations or with the instructions provided by the controller, and may be subject to administrative fines or other sanctions and liable to pay compensation to data subjects.

News

On the occasion of the adoption of the draft regulation laying down measures for a high common level of cybersecurity at the institutions, bodies, offices and agencies of the Union, the AI4HealthSec project kicked off a process to provide its opinion.