Privacy and security regulation
Furthermore, their impact on digital business models and organizational development is often a limiting factor for digital strategies. In Europe, data privacy and cyber security are subject to an increasing number of regulations.
The General Data Protection Regulation (GDPR) of the EU took effect in May 2018. This regulation requires a significant transformation of data protection processes and responsibilities, and even of companies’ privacy strategies. Notification of data breaches, impact assessments and data portability rules are just a few examples of newly introduced legal requirements that need to be implemented. The same is true for cybersecurity legislation. The EU directive on network and information security (NIS Directive) has forced the member states to establish or change their information technology (IT) security legislation. These changes affect providers of critical infrastructure services and digital service providers.
Both regulations have had a significant impact on technological development and innovation strategy. DSI research provides strategic approaches to meeting privacy and cybersecurity regulation without blocking business innovation.
Our team works on
- Privacy and cybersecurity specific risk assessment models
- Transformation of privacy and cybersecurity strategy to meet new regulatory requirements
- Methodologies for the management of data protection and security compliance
- Compatibility of technical requirements of data protection and IT security law
- Joint models for data protection and cybersecurity governance and technologies