GDPR Compliance: Just under a year to “get your house in order”

The European Commission published its first draft of the EU General Data Protection Regulation (“GDPR”) in January 2012, setting out a comprehensive reform of the existing EU regime. The reform was designed to give citizens more control and protection over their personal data. In April 2016, the final text of the GDPR was …

ENISA Guidance: Incident Reporting for Digital Service Providers under Cyber Security Directive and the interplay with GDPR

The new report referenced in the article above follows comprehensive guidelines (the “Guidelines”) published by ENISA in February 2017 for Member States and the European Commission on how to implement incident notification for “digital service providers” (“DSPs”) across the EU, in the context of the Cyber Security Directive. DSPs: The Cyber Security Directive sets out …

SWIFT publishes mandatory controls for customers

In April 2017, the Society for Worldwide Interbank Financial Telecommunications (SWIFT) published a final version of its Customer Security Controls Framework (the “Framework”), as part of its Customer Security Programme, which launched in June 2016. SWIFT is a messaging network that allows more than 11,000 banking and securities organisations to securely send information and instructions …

WannaCry: A chance to test systems and raise awareness at a global level?

In one of the most dramatic and widespread cyber attacks to date, on Friday 12 May 2017, a worldwide ransomware attack known as “WannaCrypt” or “WannaCry” began infecting hundreds of thousands of computers in over 150 countries. Starting in the UK and Spain, critical infrastructure operators around the world including those in the health, transport, …