ENISA’s Executive Director, Udo Helmbrecht, is participating at the 10th Future Security Conference taking place in Berlin from 15th -17th September 2015, at the Representation of the State of North Rhine-Westphalia in Berlin.
The event hosts high-level panellists mainly from Ministries, institutions and academia. ENISA’s Executive Director Prof. Helmbrecht, delivered the keynote address on “Privacy and Data protection: an EU Perspective”, where he mentioned the latest developments in the area and spoke about how the Agency has become a point of reference on eIDAS.
The Agency supports and provides guidelines for trust service providers (TSPs) on risk assessment and recommendations for incident risk mitigation, and provides guidelines on an auditing framework for trust services. Other ongoing activities the Agency is involved in include analysis of relevance and compliance of standards related to TSPs (Covering mandate M460 "Rationalised Framework for electronic signature”), assisting the European commission (EC) in the developing implementing acts; Incident reporting for Trust Service Providers (Article 19 of Regulation 910/2014); and a strategy analysis for the introduction of qualified website authentication certificates (QWACs) promoting consumer confidence in the web authentication market. ENISA also supports the creation of a Trust Services Forum explaining to stakeholders the developments in the area of eIDAS, while offering the opportunity to discuss with regulators on important areas.
“Our goal is to explain the developments on eIDAS and bring together stakeholders including regulators, and National authorities while developing non-binding technical guidelines supporting their work. Similarly with industry we aim to liaise and facilitate their involvement in the process especially in view of the upcoming entry into force of the trust services provisions of the eIDAS Regulation.
Protecting data is a multi-faceted challenge. Organizational measures are needed such as access control, privacy and security policies. DPA, member states authorities, service providers need to collaborate to implement security measures”
Prof Helmbrecht illustrated how ENISA supports the public sector in policy implementation through its work in the eIDAS regulation and promoting ‘privacy by design’. “We see that the research community has developed many mechanisms to implement specific privacy properties, but which don’t always match the requirements of the regulation. Privacy by design can be the tool to help make this match”.
The Agency also provides its recommendations and guidelines for data protection measures to the private sector, and raises citizens’ awareness with its involvement to the European Cyber Security Month (ECSM) – a joint initiative with DG CONNECT and the Member States and which will be running throughout October - advocating cybersecurity education, and the upcoming Annual Privacy Forum.