Last review date: 18 January 2024

Yes.

☒   general obligation to take appropriate / reasonable technical, physical and/or organizational security measures

☐   obligation to take specific security measures e.g., encryption

☐   requirement to undertake third party due diligence (security assessment of third party providers)

☒   encryption 

☒   other

• Information access controls, including access and privileges management, user identification controls and the maintenance of evidence of the interaction with the personal data.
• Backups copies.
• Information copy controls.

Last review date: 18 January 2024

☐   public company obligations (e.g., duties to maintain sufficient information security measures or ensure operational resilience to cyberattacks)

☐   network information security requirements (broader than telecommunications)

☒   health regulatory requirements

☐   financial services requirements

☒   telecommunication requirements

☒   providers of critical infrastructure

☒   other

There are obligations to adopt measures to guarantee confidentiality of the information for the marked sectors. The DPA has stated that a cyberattack could breach the duty to guarantee confidentiality.

If yes, please provide brief details of the relevant law or regulation.

Last review date: 18 January 2024

No

☐   Data privacy

☐   Securities or public company

☐   network information security

☐   health

☐   financial services

☐   telecommunications

☐   critical infrastructure

☐   other