The European Union (EU) stipulated a period of around 20 months for all its member countries to transpose EU legislation on network security and data protection into their national regulations. The term "transpose" refers specifically, according to the Royal Spanish Academy, to the incorporation by a member country of a directive issued by the EU into its domestic legislation.
Because 17 countries on the old continent were late in complying with this adaptation, the European Commission issued a letter of formal notice, legally considered the first step of the infringement procedure. The notification invites them to fully transpose into national law the first legislative act at EU level on cybersecurity. Failure to comply within the next two months could result in a reasoned opinion for Austria, Spain, Belgium, Bulgaria, Croatia, Denmark, France, Greece, Hungary, Ireland, Latvia, Lithuania, Luxembourg, the Netherlands, Poland, Portugal and Romania.
What is the European Union looking for?
The intention of this regulation is to standardize the level of security of networks and information systems in the EU. Through these measures, each State will develop capabilities in this area, fostering cooperation and improving the incident notification mechanisms of service operators and providers.
The European Union has been working for more than two years to protect the security of its users on the Internet. The Data Protection Regulation (GDPR) came into force on May 24, 2016, and its purpose is to establish legal mechanisms for the handling of user data on the internet. It applies to any company or individual offering goods or services to any EU citizen, regardless of where the company or individual is located. It also applies to those who monitor online behavior in the case of actions carried out in the EU.
The regulation also specifies that its measures protect the fundamental rights and freedoms of European citizens, particularly the guarantee of the protection of personal data. However, it clarifies that the free circulation of personal data is neither restricted nor prohibited.
The GDPR imposes the obligation to obtain the user's consent for the collection of personal data. The authorization must be explicit, informed and revocable at any time the person, of their own free will, so desires. There must be consent for each of the collection purposes.
Likewise, the instrument grants the right to portability, which refers to the power of users to request their data from one company and give it to another company or individual. This data includes activity logs, and a copy can also be requested for the user.
The principle of active responsibility
Among the guidelines of the regulation, the principle of active responsibility was designed so that companies take responsibility for the handling of their users' data and adjust their procedures in accordance with the law. In this sense, specific protocols must be designed to address situations where the established guarantees are put at risk. The organization must respond within 72 hours of the occurrence of any event that violates security.
To assist with the transition of member countries, the Connecting Europe Facility is providing 38 million euros in funding until 2020.