Last review date: January 2025

Yes

☒         general obligation to take appropriate / reasonable technical, physical and/or organizational security measures

☒         other

The Personal Data Protection Law includes an obligation on both controllers and processors to record a description of data security measures in the maintained record of processing activities.

Last review date: January 2025

Yes

☒  financial services requirements

The Banking Law obliges licensed financial institutions to provide secure systems that ensure the integrity and confidentiality of customer data and accounts. The Financial Regulatory Authority imposes certain IT system requirements on some of the non-banking financial regulated entities.

☒  telecommunication requirements

The Cybercrimes Law establishes certain cybersecurity obligations on ICT service providers in relation to data retention, security and confidentiality.

☒  digital or connected (IoT) products\

The National Telecom Regulatory Authority’s IoT Framework includes specific requirements, such as an annual cybersecurity assessment (consisting of penetration and vulnerability tests to be performed by reputable providers) and annual report on cybersecurity risks and resilience.

Last review date: January 2025

 ☒         telecommunications

Last review date: January 2025

Yes

☒        data protection authorities

☒        cybersecurity authorities

☒        affected individuals

Last review date: January 2025

☒       data protection authorities

☒       cybersecurity authorities

☒       affected individuals

Last review date: January 2025

☒         public company obligations (e.g., to notify security incidents that may materially affect an investor's decision)

☒         health regulatory requirements (e.g., to notify incidents affecting safety of medical devices)