The General Data Protection Regulation (EU) 2016/679 (GDPR) is a regulation in European Union (EU) law on data protection and privacy in the EU and the European Economic Area (EEA). It also addresses the transfer of personal data outside the EU and EEA areas. The GDPR’s primary aim is to give individuals control over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU. [1]
The GDPR has fundamentally transformed how businesses handle personal data. Any company that does not follow these norms faces severe fines, potentially up to €20 million or 4% of annual global revenue, depending on the severity and circumstances of the violation. The GDPR applies to organizations of any size, even those located outside the EU, as long as they collect, store and/or process personal data of EU citizens.
The primary role of the data protection officer (DPO) is to ensure that his/her organisation processes the personal data of its staff, customers, providers or any other individuals (also referred to as data subjects) in compliance with the applicable data protection rules. In the EU institutions and bodies, the applicable Data Protection Regulation (Regulation (EU) 2018/1725) obliges them each to appoint a DPO. Regulation (EU) 2016/679, which obliges some organisations in EU countries to appoint a DPO, will be applicable as of 25 May 2018. [2]
Internal and inter-company data transfer and the use of open networks increase the risks to which information and information systems are exposed. In order to reduce risks and avoid damage to companies, care must be taken to ensure adequate information security. [BSI, “IT-Sicherheitsmanagement und IT-Grundschutz, BSI-Standards zur IT-Sicherheit,” Köln, 2005.] ISO/IEC 27001 is an international standard on how to manage information security. The standard was originally published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) in 2005 [3] and then revised in 2013. [4] It details requirements for establishing, implementing, maintaining and continually improving an information security management system (ISMS), the aim of which is to help organizations make the information assets they hold more secure. [5]
Cyberhelix provides ISO 27001 consulting to ensure that your company is compliant with the latest security practices.
Ships are increasingly using systems that rely on digitisation, digitalisation, integration, and automation, which call for cyber risk management on board. As technology continues to develop, information technology (IT) and operational technology (OT) onboard ships are being networked together, and more frequently connected to the internet. This brings a greater risk of unauthorised access or malicious attacks on ships’ systems and networks. Risks may also arise from personnel accessing systems on board, for example by introducing malware via removable media. [6]
Cyberhelix provides security assessments according to the Guidelines on Cyber Security Onboard Ships, which are aligned with the International Maritime Organization’s (IMO) resolution MSC.428(98).
[1] https://en.wikipedia.org/wiki/General_Data_Protection_Regulation
[2] https://edps.europa.eu/data-protection/data-protection/reference-library/data-protection-officer-dpo_en
[3] “ISO/IEC 27001 International Information Security Standard published”. bsigroup.com. BSI. Retrieved 21 August 2020.
[4] Bird, Katie. “NEW VERSION OF ISO/IEC 27001 TO BETTER TACKLE IT SECURITY RISKS”. iso.org. ISO. Retrieved 21 August 2020.
[5] “ISO/IEC 27001:2013”. ISO. ISO. Retrieved 9 July 2020.
[6] cyberSecSea.pdf