Last year the EU issued the Network Information Security Directive (“the NIS Directive”, also often colloquially referred to as the Cybersecurity Directive). Under this legislation, operators of essential services and digital services providers will be required to maintain minimum network information security obligations and notify security incidents to a national regulator. For more details about this legislation, please refer to our FAQs about it, which can be found here; for articles that we have previously written about cybersecurity issues, please see here.
In a paper published by the UK Government at the end of 2016 called “Cyber Security Regulation and Incentives Review” (see here), the UK Government has announced that “the detailed scope and security requirements for NIS implementation will be set out by the Government in 2017.” This directive will therefore apply in the UK after Brexit. Organisations that may be affected by the NIS Directive would be wise not only to closely follow developments concerning it but also to start considering now the compliance obligations that they will need to put in place.
The UK Government paper also reaffirms its previously stated commitment to implementing the EU General Data Protection Regulation (“EU GDPR”) (i.e. also after Brexit), along with stating some considerations about GDPR and cybersecurity issues. We have developed a special solution to assist with compliance with EU GDPR called Cordery GDPR Navigator – more details about this can be found here. We also write regularly and produce films about data protection and privacy issues, which can be found here.
For more information, please contact André Bywater or Jonathan Armstrong, who are lawyers with Cordery in London, where their focus is on compliance issues.
Office: +44 (0)207 075 1785
Office: +44 (0)207 075 1784