The recent ‘Application Security’ Experience Sharing Day covered several Belgian research projects on advanced security approaches.
Privacy Focus Group – 18 February 2020 – DPA in favour of cooperation with CSC
19 februari 2020 – Cyber Security Coalition
At a very well attended Privacy Focus group meeting, Data Protection Authority chairman David Stevens provided more insight into the DPA’s strategic plan 2020-2025 and this year’s management plan. Priorities include a focus on sectors as telecom and media, public sector, direct marketing sector, education and SMB (KMO/PME). This does not mean they are in line for more enforcement, but rather for support and help. Other points of action relate to the GDPR implementation cycle and proactive attention to societal challenges. While requesting funding to hire more people, David Stevens strongly supports cooperation with platforms such as the Cyber Security Coalition, as “we cannot do it all by ourselves.”
A GDPR compliance challenge was highlighted by Roeland Lembrechts’ “Shadow IT and GDPR” presentation (Sirius.Legal). Shadow IT includes all ‘non-ICT approved’ information technology used by employees. Uncertainties regarding GDPR compliance leave employers open to privacy infringements, as they remain ultimately liable as controller. Exceptions are very few, including the employee becoming controller through data processing on his or her own initiative, or liable because of fraud or negligence. His advice: embrace shadow IT, clear up the shadow and provide good policy, participate by buying into it, as well as monitor and manage.
On the picture: David Stevens, Chairman of the Belgian DPA
In a second workshop the Focus Group discussed the NIS implementation challenges faced by the transport sector.
The afternoon’s programme included two external speakers who talked about ‘SaaS security & compliance management challenges’ and ‘shift left’.
The Focus Group discussed the application of an ESA maturity model and took a closer look into the API management domain, one of the pillars of enterprise digital transformation.
NIS workshop – 26 November 2019 – Operationalizing the NIS Directive in the water distribution industry
Late November saw the kick-off meeting of a series of workshops on the NIS implementation in the impacted sectors.