Abstract
The FORTIKA project introduces a security solution in the market for SMEs that aims to (a) minimize the exposure of small and medium sized businesses to cyber security risks and threats, and (b) help them respond to cyber security incidents. Taking the above into consideration it is anticipated that the FORTIKA Platform will reinforce the cybersecurity environment adopted by the NIS Directive; At the same time, however, FORTIKA, as a digital service provider itself – and more specifically an online market place – should comply with the obligations included in the Directive’s text. In this context, Fortika should
adopt the security requirements introduced in article 16 of the NIS Directive, as well as comply with the incident notification process of the same article. This report puts forward an indicative list of minimum security measures FORTIKA users could consider in order to establish, implement, operate, monitor and continuously maintain and improve an appropriate level of security. At the same time 4-steps guidelines are proposed (following ENISA’s guidelines) that
FORTIKA users could implement in its effort to comply with the Directive and the notification process described therein in particular.
Apart from the cybersecurity issues referred to above, the FORTIKA project raises considerable personal data protection issues. It is expected that the FORTIKA platform will collect personal data, in the course of its implementation. It is therefore suggested that FORTIKA falls within the scope of the General Data Protection Regulation (GDPR). An analysis of the new Regulation’s main definitions, processing principles as well as of the rights afforded to individuals
is introduced, which is followed by concrete suggestions on GDPR compliance requirements for the FORTIKA project.
adopt the security requirements introduced in article 16 of the NIS Directive, as well as comply with the incident notification process of the same article. This report puts forward an indicative list of minimum security measures FORTIKA users could consider in order to establish, implement, operate, monitor and continuously maintain and improve an appropriate level of security. At the same time 4-steps guidelines are proposed (following ENISA’s guidelines) that
FORTIKA users could implement in its effort to comply with the Directive and the notification process described therein in particular.
Apart from the cybersecurity issues referred to above, the FORTIKA project raises considerable personal data protection issues. It is expected that the FORTIKA platform will collect personal data, in the course of its implementation. It is therefore suggested that FORTIKA falls within the scope of the General Data Protection Regulation (GDPR). An analysis of the new Regulation’s main definitions, processing principles as well as of the rights afforded to individuals
is introduced, which is followed by concrete suggestions on GDPR compliance requirements for the FORTIKA project.
| Original language | English |
|---|---|
| Number of pages | 53 |
| Publication status | Published - 30 May 2018 |