Stock taking of security requirements set by different legal frameworks on OES and DSPs

Back to all publications

Publication date:November 15, 2019

In order to support organisations in their process of identifying appropriate security measures, based on the provisions of both NISD and GDPR, this report uses as basis the pre-existing ENISA guidance and presents a mapping of already identified security objectives, between the NISD and the GDPR. The report should be used as a starting point for the above-mentioned assessment and is targeted mainly to OESs and DSPs. Following the analysis in Sections 2, 3 and 4, this report concludes that organisations could benefit from a unified risk management framework, specialized sectorial guidance and specialised guidance on emerging privacy and security techniques. It also proposes that a method of cooperation between competent NISD and GDPR authorities as well as a co-ordinated approach on certifications concerning information security issues would be beneficial for the Digital Single Market.