Compliance and security in cyberspace

De Tijd: “Many SMEs are not yet aware that they risk fines for weak cybersecurity”

In recent years, technological advancements have surged dramatically. Innovations such as Software-as-a-Service, artificial intelligence, cloud computing, and wireless devices/technologies have fundamentally changed our lives and work. These technologies offer unprecedented benefits like convenience, ease of use, and speed. One thing all these technologies have in common is that they process incredible amounts of data and information.

This brings both opportunities and risks. The importance of data confidentiality, constant availability, data integrity, and the protection of personal integrity cannot be overstated. Data is now not only essential for the functioning of organizations; it has become one of the most valuable assets for companies, organizations, individuals, and even governments.

The War for Data

In a world where knowledge is power, a true war for data is raging. Gaining or losing information can significantly impact your position in political and economic life and even affect your personal integrity.

European regulations

Europe has been aware of these developments for some time. For example, in 2018, the General Data Protection Regulation (GDPR) and the directive for Measures for a High Common Level of Security of Network and Information Systems (NIS1) came into effect. NIS1 focused on operators of critical infrastructure and large digital service providers.

But the regulations do not stop there. Since then, Europe has launched several other initiatives such as the Artificial Intelligence (AI) Act, NIS2, the Digital Services Act, and the Cyber Resilience Act. These new rules aim to protect a broader range of companies and organizations.

NIS2: A new milestone

Take the NIS2 directive, for example. This directive ensures that information security must become a “common good” for a wide range of companies and organizations. Among other things, companies must now focus on risk analysis, incident management, and reporting to national Computer Security Incident Response Teams (CSIRT). This also means they need to set up information security programs.

NIS2 will come into effect in October 2024 with deadlines in 2025. It is crucial that organizations timely assess whether they fall under the new regulations and implement the necessary security measures, including SMEs. Frameworks such as ISO 27001, ISO 27701, or the CIS Controls Framework can be useful tools in this regard.

Need advice? We’re here to help!

Want to know more or need assistance with a robust approach to these issues? Contact us! Our expertise in legal advice and compliance can help your organization comply with the new regulations and protect your data.