Last review date: January 2025
Yes
☒ general obligation to take appropriate / reasonable technical, physical and/or organizational security measures
☒ other
The Personal Data Protection Law includes an obligation on both controllers and processors to record a description of data security measures in the maintained record of processing activities.
Last review date: January 2025
Yes
☒ financial services requirements
The Banking Law obliges licensed financial institutions to provide secure systems that ensure the integrity and confidentiality of customer data and accounts. The Financial Regulatory Authority imposes certain IT system requirements on some of the non-banking financial regulated entities.
☒ telecommunication requirements
The Cybercrimes Law establishes certain cybersecurity obligations on ICT service providers in relation to data retention, security and confidentiality.
☒ digital or connected (IoT) products\
The National Telecom Regulatory Authority’s IoT Framework includes specific requirements, such as an annual cybersecurity assessment (consisting of penetration and vulnerability tests to be performed by reputable providers) and annual report on cybersecurity risks and resilience.
Last review date: January 2025
☒ telecommunications
Last review date: January 2025
Yes
☒ data protection authorities
☒ cybersecurity authorities
☒ affected individuals
Last review date: January 2025
☒ data protection authorities
☒ cybersecurity authorities
☒ affected individuals
Last review date: January 2025
☒ public company obligations (e.g., to notify security incidents that may materially affect an investor's decision)
☒ health regulatory requirements (e.g., to notify incidents affecting safety of medical devices)