Personal data protection and NIS2 - cetin.cz
Personal data protection and NIS2
The implementation of the NIS2 Directive in the context of the General Data Protection Regulation (GDPR) brings several benefits for dealing with data protection obligations in an organisation.
Relationship between NIS2 and GDPR
It has been five years since the General Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons about the processing of personal data and the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) came into force.
"Securing personal data with NIS2"
The basic building block of the GDPR is the protection of the basic rights and freedoms of citizens in the form of the right to the inviolability of a person and his privacy. The NIS2 directive focuses on the protection of legal entities, specifically their know-how, technology and other business interests. The aim of the directive is the resilience and competitiveness of the entire European system.
NIS2 and GDPR in one go
The security of personal data, in the sense of protecting confidentiality, integrity, and availability, is provided for in the GDPR in Articles 25 Intentional and Standard Protection of Personal Data, and in particular Article 32 Security of Processing. However, more detailed organisational or technical measures to ensure the continued confidentiality, integrity, availability, and resilience of processing service systems are not specifically defined by the GDPR.
Of primary importance in the context of the principles set out in Article 5 of the GDPR is the principle of "integrity and confidentiality", which defines that personal data should be adequately secured technically and organisationally against accidental loss, destruction, or damage. However, the principle is not entirely specifically defined.
It is the NIS2 that comes up with a specific form of data protection, which sets out what and how a legal entity must ensure to protect systems and data, including personal data.