A sensitive subject
Are security measures only necessary when handling personal data?
Are security measures only necessary when handling personal data?
No! Security legislation has grown exponentially over the past years and its scope has broadened significantly. From requirements under the GDPR to protect personal data, to measures protecting your IT systems under NIS 2 and DORA and measures protecting your products with digital elements under the Cyber Resilience Act. Not surprisingly, there are good reasons why cybersecurity should be top of the agenda at your next board meeting. We can help you navigate the complex and converging landscape of national and international cybersecurity regulations.
How can we find out how secure our organization is?
How can we find out how secure our organization is?
Ask your CISO to conduct a (or provide a recent) high-level risk assessment. This will highlight potential security threats and enable you to prioritize security investments to mitigate threats based on their potential impact on the organization.
Are we already compliant with cybersecurity laws?
Are we already compliant with cybersecurity laws?
Given the increasingly complex cybersecurity regulatory environment in the EU, it’s hard for non-legal experts to know. We can provide a high-level overview of the laws relevant to your company and advise on what action may need to be taken to ensure compliance, now and in the future.
Is it sufficient if I am ISO compliant?
Is it sufficient if I am ISO compliant?
As you’ve probably guessed by now, there aren’t many hard or fast rules about security. European and international standards and technical specifications for cybersecurity, such as ISO 27001, may kickstart your path to be compliant with NIS 2 and other cybersecurity laws. However, as each of the cybersecurity laws contains its own set of security requirements, an independent assessment is required. We will be glad to assist you in carrying out a gap analysis.
Do my subcontractors also have to take security measures?
Do my subcontractors also have to take security measures?
Under the GDPR, you’re legally responsible for ensuring that any subcontractors you hire take sufficient measures to protect and secure personal data. In similar fashion, supply chain security plays a central role in the security measures under NIS 2 and DORA. The best way to deal with these requirements is to make sure your contract with your subcontractors includes such obligations, as well as provisions for monitoring compliance. Please feel free to ask us for drafting assistance.