Navigating data protection and privacy regulations
Following best practices and knowing the ins and outs of data protection regulations are steps in the right direction. But even then, some confusion can still creep in. Questions such as 'Is this a data protection law or a guideline?', 'Does data need to reside in our country?', or 'Is this data requirement our responsibility or our vendor's?' are among the most common.
1. Understanding regulations versus directives and guidelines
There's a lot of hype today about the latest NIS2
Directive. A few years ago, the same happened with
the GDPR. In the next few years, there will likely be
other new frameworks that will capture attention.
While it's critical to stay up-to-speed on what's
happening, you don't need to buy into all the hype.
This is particularly true if you're already applying data
security and privacy best practices and choosing
trusted partners along the way. Taking a practical and
comprehensive approach to protecting your data can
go a long way in enabling you to be compliant.
Also, it's important to keep in mind that not all frameworks are laws, and that not all laws work the same way. For example, the GDPR is a regulation: it is directly applicable in every EU member state and has binding legal force without any national legislation being required. NIS2, on the other hand, is a directive. A directive sets out results that must be achieved, but each member state has to transpose those obligations into its own national law (for NIS2, the transposition deadline was 17 October 2024). As a result, the exact scope, obligations and enforcement of NIS2 can differ from one member state to another, and the text you are actually bound by is the national law, not the directive itself.
In fact, national cybersecurity agencies and government access-card schemes across Europe, such as ANSSI in France, BSI in Germany, GovPass in the UK, and Rijkspas in the Netherlands, each publish their own security requirements. (Note that the UK is outside the EU and is not bound by NIS2; it has its own NIS regulations.)
Overall, these countries are following NIS2, but
adapting it to their country differently. And while each
encompasses comprehensive cybersecurity measures,
there's a distinct focus on certifying the robustness of
physical access control systems.
Implementing a high assurance access control system
with secure, supported I/O modules can help you
comply with these strict European cybersecurity
regulations. A high assurance access control system
What are the core data protection principles underpinning most data regulations?
Here's a quick summary:
✓ Permission to collect and use
You need to have the right permissions to collect
and use data, aligned with a legitimate purpose
or objective.
✓ Limitation of storage and use
You must limit the data you keep and only use or store
the data that is necessary to meet specific requirements
or objectives.
✓ Transparency and accuracy
You need to be transparent with individuals about how you collect and use their data, and keep the personal data you hold accurate and up to date so that you can handle it properly.
✓ Protection and security
You need to take adequate technical and organisational measures to protect and secure the data, and ensure that only people who need access to it can get it (least privilege).
✓ Individual rights
You need to respect individuals' rights to their own
data, including the rights to access, rectification,
erasure, and others.
✓ Accountability
You must take responsibility for your handling of the data,
including having appropriate measures and records in
place that show how you handle data and what you do to
maintain data protection and privacy principles.
3 common misunderstandings about data regulations