12 décembre 2018

Radar - April 2020 – 6 de 5 Publications

Radar - December 2018: Cybersecurity

  • QUICK READ

It has also been a big year in cybersecurity, not only due to the introduction of new legislation, but also because of the continuing focus on high profile breaches.

NISD

The EU's Network Information Systems Directive is designed to sit alongside the GDPR and brought in cybersecurity and breach reporting requirements for Digital Service Providers (an online marketplace, an online search engine or a cloud services provider) and Operators of Essential Services. The Directive is implemented in the UK by the Network Information Systems Regulations 2018, which came into force on 10 May 2018.

We could use more guidance on who exactly is caught by the Regulations as some businesses do not fit neatly into the sparse definitions. In the meantime, you can read about the requirements if you are caught, here.

The Cybersecurity Act

The Commission published a draft Regulation (known as the Cybersecurity Act) to reform the European Network and Information Security Agency (ENISA), giving it a permanent mandate and increased resources; and to introduce a voluntary European security certification framework for ICT products and services. The certificates would confirm compliance and would be recognised in all Member States, making it easier for businesses to trade in the internal market. The draft Regulation is currently in the trilogue stage.

Data breaches

It seems that every week brings another high profile data breach. The ICO has seen a vast increase in the reporting of data breaches, partly because of over-reporting due to a lack of understanding of GDPR obligations. There can, however, be no doubt that many businesses remain vulnerable to attack or to inadvertent data breaches. BA, Dixons, Uber, Facebook, Equifax and the Marriott Group are just some of the names to have hit the headlines this year due to newly discovered breaches, or to fines incurred for earlier breaches. So far, we are yet to see fines issued for data breaches under the GDPR but this will doubtless change next year.

Businesses are also getting used to the idea that they may face class actions in relation to data breaches. In November, we reported on the Court of Appeal decision, upholding the High Court's finding that Morrisons was vicariously liable for the actions of a rogue employee. This was under common law principles rather than as a result of changes to data protection law but as more breaches enter the public domain and certain litigation funders are actively looking to fund data breach class actions, we expect this to become the new normal.

Dans cette série

Technologie, Médias et Communications (TMC)

Morrisons not vicariously liable for data breach of rogue employee, says Supreme Court

IN-DEPTH ANALYSIS
Technologie, Médias et Communications (TMC)

Maintaining supply chains during the COVID-19 outbreak

QUICK READ

par plusieurs auteurs

Technologie, Médias et Communications (TMC)

UK Gambling Commission focuses on safety

IN-DEPTH ANALYSIS

par Debbie Heywood

Technologie, Médias et Communications (TMC)

Consumer protection during COVID-19

IN-DEPTH ANALYSIS

par Debbie Heywood, Anjali Chandarana

Technologie, Médias et Communications (TMC)

UK's Digital Services Tax now applies

QUICK READ

par Debbie Heywood

Call To Action Arrow Image

Latest insights in your inbox

Subscribe to newsletters on topics relevant to you.

Subscribe
Subscribe

Related Insights

Technologie, Médias et Communications (TMC)

EC Data Governance Act will apply from 24 September 2023

20 juin 2022

par Debbie Heywood

Cliquer ici pour en savoir plus
Technologie, Médias et Communications (TMC)

EC publishes Q&As on new Standard Contractual Clauses

20 juin 2022

par Debbie Heywood

Cliquer ici pour en savoir plus
Protection des données et cybersécurité

Incoming EU data and digital legislation

There's a lot going on in the data and digital space in terms of incoming EU legislation. Here is a summary of key proposals which will impact the use of data (personal and non-personal) and likely timelines, as at 10 May 2022.

17 mai 2022

par plusieurs auteurs

Cliquer ici pour en savoir plus