Privacy and Security Regulation

Privacy and security issues are at the core of digital strategies.

Their impact on digital business models and organizational development is often a limiting factor for digital strategies. In Europe, data privacy and cybersecurity are subject to an increasing number of regulations.

The General Data Protection Regulation (GDPR) of the EU is set to take effect in 2018. This regulation requires a significant transformation of data protection processes and responsibilities, and even of companies’ privacy strategies. Notification of data breaches, impact assessments and data portability rules are just a few examples of newly introduced legal requirements that will need to be implemented. The same is true for cybersecurity legislation. The EU directive on network and information security (NIS Directive) forces the member states to establish or change their information technology (IT) security legislation by May 2018. These changes will affect providers of critical infrastructure services and digital service providers.

Both regulations have a significant impact on technological development and innovation strategy. DSI research provides strategic approaches to meeting privacy and cybersecurity regulation without blocking business innovation.

Our team works on

  • Privacy- and cybersecurity-specific risk assessment models
  • Transformation of privacy and cybersecurity strategy to meet new regulatory requirements
  • Methodologies for the management of data protection and security compliance
  • Compatibility of technical requirements of data protection and IT security law
  • Joint models for data protection and cybersecurity governance and technologies

Meet our experts:

  • Martin Schallbruch, Deputy Director, Digital Society Institute Berlin, ESMT Berlin
  • Isabel Skierka, Researcher, Digital Society Institute Berlin, ESMT Berlin
  • Tanja Strüve, Researcher, Digital Society Institute Berlin, ESMT Berlin