Trends in Interpretation of EU Data Protection Authorities of Cybersecurity Requirements under the GDPR
Author(s): Larisa Gabudeanu
Subject(s): Criminal Law, Security and defense, ICT Information and Communications Technologies, EU-Legislation
Published by: Asociatia Romana pentru Asigurarea Securitatii Informatiei
Keywords: security by design; data protection; article 32; enforcement; GDPR
Summary/Abstract: One of the main legal requirements for adopting the GDPR was the technical and organizational security requirements, alongside the transparency and purpose limitation principles. The wide wording mentioned by the GDPR in terms of state-of-the-art security measures has given rise to a series of interpretations both in literature and by the data controllers and data processors. The manner in which national data protection authorities interpret this wording on a case-by-case basis is a good indicator in terms of interpretation, as the authorities look into the specific use case requiring preventive security measures. Thus, this research paper brings additional clarity in the interpretation of this legal requirement in terms of the risks and damages considered relevant for the specific data breach or lack of proper legal requirement implementation, given publicly available information in this respect. Further, the research paper highlights the number of use cases analyzed by different national data protection authorities and the views of each national data protection authority.
Journal: International Journal of Information Security and Cybercrime (IJISC)
- Issue Year: 11/2022
- Issue No: 1
- Page Range: 9-14
- Page Count: 6
- Language: English