The European Parliament approved the Network and Information Security Directive, which imposes data security and incident reporting requirements on two categories of providers: (1) “operators of essential services,” and (2) “digital service providers.” It also creates various requirements for EU Member States aimed at increasing security and cooperation within the EU on cybersecurity issues, including prevention, management, and response to incidents. The NIS Directive will enter into force 20 days after its publication in the Official Journal of the European Union, after which EU countries will have 21 months to adopt its provisions in their national laws and six months more to identify operators of essential services.
- How-to guide How-to guide: How to implement privacy by design within your organization (USA) Recently updated
- How-to guide How-to guide: How to prepare for and respond to a governmental investigation or enforcement action for violation of US privacy laws (USA) Recently updated
- How-to guide How-to guide: How to establish a valid lawful basis for processing personal data under the GDPR (UK)