News in IT security and legislation

Security

On August 1, 2017, the NÚKIB (Národní úřad pro kybernetickou a informační bezpečnost, the National Cyber and Information Security Agency), which was separated from the NBÚ (Národní bezpečnostní úřad, the National Security Authority) by an amendment to the law, started its activity in Brno. The institution is to provide expert assistance in the event of cyber threats to the state: protection of systems important for the state (police, ministries, energy, etc.), the fight against cybercrime (in cooperation with the police), cryptographic protection, and protection of the non-public part of the Galileo satellite system. The NÚKIB is therefore not intended to assist individuals; that activity is handled by the CSIRT.

Currently, it has 119 employees (not only IT experts, but also lawyers, political scientists and theoreticians), and in the future it could have up to 400 employees.

Legislation

This year and next, there will be a number of changes that will expand existing IT-related legislation and newly affect every organisation. Which are they, primarily?

  • Small amendment on cyber security - effective from 1 July 2017

    • Act No. 104/2017 Coll. amending Act No. 181/2014 Coll.
    • newly modifies the definition of an operator of information and communication systems and its responsibilities
    • regulates the relationship between the administrator and the operator
    • introduces fines for violations

  • Big amendment on cyber security - effective from 1 Aug 2017

    • Act No. 205/2017 Coll., which amends Act No. 181/2014 Coll.
    • a reaction to EU Directive 2016/1148 – NIS (Network and Information Security), on measures to ensure a high common level of security of networks and information systems in the Union
    • newly identifies two groups of obliged entities:
      • providers of essential services
        • e.g. health care, transport, energy and chemical industries
      • providers of digital services
        • internet search engines, e-shops, cloud computing services
    • the exact determination of the entities will be based on impact criteria, which will be defined in a further decree together with further requirements for providers on which security measures they must implement
    • defines the establishment of the NÚKIB (Národní úřad pro kybernetickou a informační bezpečnost, the National Cyber and Information Security Agency)

  • GDPR - effective from 25/05/2018

    • EU Directive on the protection of natural persons in relation to the processing of personal data and on the free movement of such data
    • this is a binding standard that absolutely all companies will have to comply with (protecting both employee and client data)
    • requirements on institutions and organizations
      • implementation of proportionate and necessary data protection
      • introduction of the so-called pseudonymisation of personal data
      • keeping records of processing activities
      • consultation with the supervisory authority prior to the actual processing of personal data
      • appoint a Data Protection Officer (DPO)
    • in the event of non-compliance with these conditions, the GDPR introduces high sanctions

  • European ePrivacy

    • refines the GDPR requirements in the area of electronic communications