EDPS issues data security guidance for EU institutions

Friday 1 April 2016 08:51 CET | News

The European Data Protection Supervisor (EDPS) has issued a guidance document on data security and risk management for the EU institutions.

The document may become a source of guidance on risk-based information security practices for other data controllers in the EU as well, given its authority and the similarity between the security provisions of a number of EU directives and regulations. The guidance is called ‘Security Measures for Personal Data Processing’ and is issued pursuant to Article 22 of Regulation 45/2001, which contains the legal requirement for EU institutions to mitigate risks when processing personal data.

The EDPS’s approach is grounded in accepted good practices in Information Security Risk Management (ISRM) and therefore does not prescribe a particular set of security measures. With regard to Article 22, the guidance provides detailed advice on how to apply the ISRM framework in a manner that complies with the Regulation’s security requirements. Of particular note, it states that in order to comply with the legal obligation under Article 22 of the Regulation, EU institutions must always apply state-of-the-art risk assessment and risk management.

Organizations subject to EU data protection laws may wish to carefully review the EDPS’s ISRM recommendations in light of the fact that the guidance may be used to interpret the security provisions of other, more generally applicable directives and regulations.

Keywords: security, data protection, risk management, regulation, EU
Categories: Fraud & Financial Crime
Countries: World