Last review date: 31 December 2024

Yes.

☒         general obligation to take appropriate / reasonable technical, physical and/or organizational security measures

☒         requirement to undertake third party due diligence (security assessment of third party providers)

Last review date: 31 December 2024

☒         public company obligations

☒         network information security requirements (broader than telecommunications)

☒         financial services requirements

☒         telecommunication requirements

☒         providers of critical infrastructure

☒         digital or connected (IoT) products

☒         other

Requirements on public authorities/government entities and providers of critical national infrastructure under NCA’s cybersecurity controls.

Last review date: 31 December 2024

☒         Data privacy

☒         network information security

☒         financial services

☒         telecommunications

☒         critical infrastructure

Limited public enforcement actions, but significant developments in terms of new regulation and guidance.

Last review date: 31 December 2024

Yes. The PDPL contains data breach reporting obligations.

Last review date: 31 December 2024

☒         data protection authorities

☒         cybersecurity authorities

☒         affected individuals

Last review date: 31 December 2024

☒         controller/ owner

Last review date: 31 December 2024

Yes.

☒         cybersecurity authorities

☒         financial services requirements

☒         telecommunication requirements

☒         providers of critical infrastructure