The internet is a bastion of free speech. You can say whatever you want about anything on any site that allows comments and post any content you like on sites that allow you to share music, code, words, video, and so on. That may be changing. The European Union (EU) Article 13 was just passed by the EU’s Legal Affairs (JURI) Committee. If it makes it into law, freedom of speech on the net will be gagged.
Under Article 13, instead of letting you be free to say whatever you want or share whatever content you desire, every website has to check your every word, sound, video, programming code, or image to see if it’s a copyright violation. In short, everything.
Read more about EU Article 13 which, if it makes it into law, will force all websites to check any and all posts for copyright violations, on ZDNet.
Read more about why some companies are considering blocking EU users altogether to ensure compliance with the EU’s upcoming General Data Protection Regulation (GDPR) on TechRepublic.
Telecommunications is a key infrastructure on which our society works. It constitutes the main instrument that allows democracy and EU core values such as freedom, equality, rule of law and human rights to function properly. There are currently over 5 billion unique mobile subscribers and over 2000 mobile operators worldwide. In Europe, there are 456 million unique mobile subscribers, which is equivalent to 84% of the population.
Mobile networks worldwide still depend on SS7 and Diameter for controlling communications (routing voice calls and data), as well as on sets of protocols that were designed decades ago without adequate regard for modern-day security implications. In this respect, the interconnected environment has become perilous. “In this context, ENISA has developed a study, which has examined a critical area of electronic communications: the security of interconnections in electronic communications, also known as signalling security. An EU level assessment of the current situation has been developed, so that we better understand the threat level, measures in place and possible next steps to be taken,” said Udo Helmbrecht, ENISA’s Executive Director.
The massive data breaches that have hit the headlines in recent years, including Yahoo, Verizon, and particularly Equifax, have taken a toll on breach victims, consumers, and corporations. We’ve seen stocks drop precipitously, class-action lawsuits filed, CEOs shown the door, and executives called before Congress. This year, breaches could be even more costly for companies once the European Union’s General Data Protection Regulation (GDPR) rules are in place come May 25.
The rules require businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states, and also regulate the exportation of personal data of those consumers outside the EU. Penalties include fines of more than $27 million, or 4% of revenue, whichever is greater. GDPR will apply to any company that processes the data of EU citizens, regardless of where the company is based. Given the global nature of Internet commerce, its impact will be far reaching.
Organizations are under the gun to get systems in place now to ensure that they are in compliance with the regulations, before it’s too late.
Read which six key measures enterprises should prioritize over the next few months in their efforts to comply with the GDPR rules, on DarkReading.
With the GDPR deadline looming on May 25, 2018, every organization in the world that transmits data related to EU citizens is focused on achieving compliance. And for good reason. The ruling carries the most serious financial consequences of any privacy law to date – the greater of 20 million EUR or 4 percent of global revenue, potentially catastrophic penalties for many companies.
Compounding matters, the scope and complexity of GDPR extend beyond cyber security, requiring equal involvement from legal and IT teams. For many security executives, this is causing significant consternation about the organizational borders of GDPR. Specifically, “Who owns it?” and “Who does what?”
Effective GDPR compliance requires well-defined roles and division of responsibilities, as well as strong interdepartmental partnerships. Above all, it’s a team effort, and clear communication is the key.
Read about the three core business areas where integrated efforts are necessary to achieve GDPR compliance, and the distinct challenges of each, on Help Net Security.
The clock is ticking and the General Data Protection Regulation (GDPR) will start to be enforced in May. Now is a critical time for organizations to plan, budget and make any remaining changes needed to meet its guidelines.
Failure to comply with GDPR standards will result in hefty non-compliance fines, and even U.S. organizations could be affected. Remember: GDPR guidelines will affect any organization handling personal data of individuals no matter where they are located, meaning even U.S. companies that process the personal data of individuals residing in the EU will have to comply.
GDPR is emerging as a board-level issue for many U.S. organizations and the pressure is on cybersecurity professionals to ensure the necessary steps are being taken to protect the personally identifiable information (PII) of EU residents.
Read about the challenges of GDPR compliance and what organizations can do to overcome them, on Help Net Security.
Companies that collect data on citizens in European Union (EU) countries will need to comply with strict new rules around protecting customer data by May 25. The General Data Protection Regulation (GDPR) is expected to set a new standard for consumer rights regarding their data, but companies will be challenged as they put systems and processes in place to comply.
Time is running out to meet the deadline, so CSO has compiled what any business needs to know about the GDPR, along with advice for meeting its requirements. Many of the requirements do not relate directly to information security, but the processes and system changes needed to comply could affect existing security systems and protocols.
Read about the GDPR requirements, deadlines and facts on CSO.
In 2017 the GDPR buzz reached peak intensity, even in the cybersecurity community. It practically drowned out any mentions of another important upcoming EU law: The Network and Information Security (NIS) Directive.
The NIS Directive is the first piece of EU-wide legislation on cybersecurity and, by May 9, 2018, all EU member countries will have to have incorporated it into their own national laws.
Read why Marnix Dekker, Network and Information Security Expert at ENISA, thinks that the NIS Directive is a big deal which deserves much more attention than the GDPR, at least from everyone in the cybersecurity community, on Help Net Security.
On 20 December 2017 EU institutions took an important step in strengthening their cooperation in the fight against cyber-attacks. An inter-institutional arrangement which entered into force on that day has established a permanent Computer Emergency Response Team (CERT-EU) covering all the EU’s institutions, bodies and agencies. It consolidates the existing task force into a permanent and effective team responsible for ensuring a coordinated EU response to cyber-attacks against its institutions.
CERT-EU works very closely with the internal IT security teams of the EU institutions, and liaises with the Computer Emergency Response Teams and IT security companies in member states and elsewhere, exchanging information on threats and how to handle them. It also cooperates closely with its counterparts at NATO.
Read more about the establishment of CERT-EU on the website of the European Council.
Read Romy Hughes’ article about how companies can prepare for a GDPR culture on IT Pro Portal:
So, you’ve read all the “Top 10 tips for GDPR” articles you can get your hands on, and you’ve invested in the latest GDPR-compliant tech, but how do you ensure your people don’t simply work around it and risk landing your organisation with a massive fine?