Data Security Under the GDPR | Practical Law

A Practice Note discussing data security obligations under the EU General Data Protection Regulation (Regulation (EU) 2016/679) (GDPR), including European Data Protection Board (EDPB) and EU Agency for Cybersecurity (ENISA) guidance on appropriate security measures, encryption, and pseudonymization. This Note also addresses controller and processor roles and responsibilities, data protection by design and default, security and data protection impact assessments (DPIAs), sanctions for non-compliance, and potential overlap between the GDPR and EU Security of Network and Information Systems (NIS) Directives.

Data Security Under the GDPR

Practical Law Practice Note w-038-0752 (Approx. 21 pages)

by Practical Law Data Privacy & Cybersecurity
Maintained, European Union