NIS2 Directive and Identity Governance

The NIS2 Directive of the European Union aims to increase the level of cybersecurity in crucial sectors of industry and government. The directive introduces cybersecurity requirements that are expected to be applied consistently across the EU. The directive touches on many areas of cybersecurity, including identity governance and administration. Directive (EU) 2022/2555 of the European Parliament […]

EU Cybersecurity Landscape

The European Union is quite busy producing cybersecurity regulations. Several cybersecurity-related acts have passed during the last few years, and even more are on the way. The EU looks like it really means to improve cybersecurity. However, an avalanche of new legislation can be quite confusing. Let’s take a closer look at the EU cybersecurity initiative. […]

ISO 27001 Webinar Summary

ISO 27001 is an international standard for information security. It provides guidelines for cybersecurity best practices used all over the world. Identity governance and administration (IGA) plays a major part. It is quite natural that midPoint, being a leading open source IGA platform, can be an essential tool for ISO 27001 compliance. […]

Introducing MidPrivacy Initiative

Ladies and gentlemen, please welcome midPrivacy, our data protection initiative. Identity management and data protection go hand in hand; one cannot really reach its full potential without the other. However, most identity management systems were a bit short on the data protection side. Therefore, we have decided that it is the right time to do something about it. […]

Lawful basis Part II.

As the entry into force of the GDPR approaches, we continue in our search for the most appropriate lawful basis and assess each requirement. The most discussed kind of legal basis is “legitimate interests”. It is the most flexible one and is designated for various situations, where the others obviously don’t fit. Nevertheless, you cannot […]

GDPR: Late is better than never

Time is running out. There are just a few months left until the implementation of the European Commission’s General Data Protection Regulation (GDPR) on 25th May 2018. The main question is: are companies truly prepared? Well, maybe you will be surprised by what recent studies have to say about that. […]

Lawful basis Part I.

On the way to the practical side of the GDPR, we need to recognize the reasons for processing personal data, officially known as the lawful basis. It has been a long time since data processing was uncontrolled. You have needed a lawful basis since the directive came into effect, but under the GDPR there is […]

GDPR Lawful Basis Management

The first thing that most likely comes to mind when people hear about GDPR is “consent”. That is understandable, as the better part of the buzz around GDPR is about customer identities and digital marketing. But this emphasis on consumer identities is casting a shadow on other aspects of GDPR that are at least as important as consent. One aspect of GDPR affects a much larger range of organizations than consent does. In fact, almost every organization is affected by it. I’m talking about management of lawful bases for data processing. […]

GDPR – Consent part II.

Consent under the GDPR looks like a really complex and complicated issue. Let’s see what we can already clearly explain. To meet all the stated requirements, you need to structure the consent granularly and give data subjects some options. Consent must be “specific”. Blanket consent without stating the exact purpose is not valid, but the GDPR does […]

GDPR – Consent part I.

As we are getting closer to the practical side of processing personal data under the GDPR, we first need to understand the reason for processing, expressed as the lawful basis. The first and most discussed basis is obviously consent. Today we will identify the nature, characteristics and features of the consent needed to process personal […]