EU Regulatory Trends in Data Protection & Cybersecurity: What should be on the industry's agenda?




EU Regulatory Trends in Data Protection & Cybersecurity: What should be on the industry's agenda?
Dr. Jörg Hladjk, Counsel, European Data Protection & Privacy Practice, Hunton & Williams, Brussels
Cyber Security & Privacy EU Forum 2013, April 19, 2013, Brussels

Agenda
- Current regulatory trends in the EU: data protection, cybersecurity, cloud computing
- Conclusions

Data Protection (I)
General theme: rules are becoming stricter.
Proposed EU Regulation (January 2012):
- Harmonization and direct effect: no national implementation
- Addresses evolving technologies
- Will apply to:
  - companies processing data within the EU
  - companies outside the EU that offer goods and services to EU residents or monitor their behavior (online context)

Data Protection (II)
Demand for accountability. New requirements, including:
- documentation about data processing
- privacy impact assessments
- privacy-by-design/default
- appointment of a data protection officer
Data processors (i.e. IT service providers) will share responsibilities and liabilities.

Data Protection (III)
Stricter rules on data security:
- broad legal definition of data breach
- obligations to implement technical and organizational measures
- requirement to notify regulators and individuals within 24 hours of discovery of a breach, where feasible
Supervision: One-Stop-Shop
- a company will only be regulated by one data protection authority across the EU
- main establishment becomes important

Data Protection (IV)
High sanctions in case of non-compliance:
- up to 250 000 EUR or 0,5% of annual worldwide turnover for minor breaches
- up to 500 000 EUR or 1% of annual worldwide turnover for intermediary level breaches
- up to 1 000 000 EUR or 2% of annual worldwide turnover for serious breaches
The Regulation will most likely be adopted in 2014 and enter into force in 2016.

Cybersecurity (I)
FBI Director Robert Mueller, March 1, 2012: "I am convinced there are only two types of companies: those that have been hacked and those that will be."

Cybersecurity (II)
Proposed EU Cybersecurity Directive (February 2013):
- comprehensive regulation of security
- introduction of broad legal definitions for "network and information systems", "security", "risk" and "incident"

Cybersecurity (III)
Security requirements and incident notification:
- obligation to implement appropriate technical and organizational measures
- obligation to undergo a security audit
- notification requirement vis-à-vis regulators in case of incidents; the regulator may then inform the public

Cybersecurity (IV)
Market operators explicitly listed as targets:
- e-commerce platforms
- internet payment gateways
- social networks
- search engines
- cloud computing services
- application stores
- energy suppliers
- transport/logistics companies
- credit institutions, stock exchanges
- health care institutions

Cybersecurity (V)
Sanctions:
- EU Member States are required to lay down rules on sanctions
- sanctions must be effective, proportionate and dissuasive
- if personal data is involved, sanctions must be consistent with the sanctions of the proposed Data Protection Regulation

Cloud Computing (I)
Focused EU Commission Strategy (September 2012). Three main issues:
- simplification of cloud computing standards and certification
- development of new model contract terms for cloud computing services
- initiative for a European Cloud Partnership

Cloud Computing (II)
Standards and certification:
- aim to introduce pan-European certification schemes by 2014
- schemes will address data protection, especially data portability, and focus on increased transparency of cloud service providers' security practices
- participation will be voluntary

Cloud Computing (III)
Model contract terms:
- to be drafted by the end of 2013
- will cover a range of topics
- will incorporate new mechanisms for data processors (i.e. IT service providers)

Cloud Computing (IV)
- Review of current EU standard contractual clauses for international data transfers to make them more cloud-friendly
- Encouragement of national data protection authorities to approve Binding Corporate Rules tailored for cloud services

Conclusions
- The data protection framework will change fundamentally and should be high on the risk agenda.
- Cybersecurity will be regulated for the first time, and reporting obligations require an emergency plan.
- The cloud computing strategy will overlap with other initiatives and lead to standardization.

Contact & Questions
Dr. Jörg Hladjk, Counsel
Tel +32-2-643 5828, Fax +32-2-643 5822
jhladjk@hunton.com
Hunton & Williams, Park Atrium, Rue des Colonies 11, 1000 Brussels, Belgium
http://www.hunton.com

Hunton & Williams
- Ranked by Computerworld magazine for the fourth consecutive year as the top law firm globally for privacy
- Ranked in Band 1 for Privacy and Data Security in the Chambers Global, Chambers USA and Chambers UK guides
- Ranked in Tier 1 in The Legal 500 United States for Data Protection and Privacy
- Ranked in Tier 1 in The Legal 500 EMEA for Belgium: Privacy and Data Protection
- Received the Corporate INTL Magazine Global Award for Data Protection Law, Firm of the Year in China