This year, two laws have taken effect in the UK that will reshape the way Cloud service providers operate. The EU GDPR (General Data Protection Regulation) and NIS Regulations (Network and Information Systems Regulations 2018) place an added emphasis on organisations’ ability to prevent data breaches and ensure that critical infrastructure remains operational in the event of disruption.
Both regulations contain a long list of requirements, many of which we discuss in our GDPR and NIS Regulations blogs. When it comes to implementing those requirements, there’s a lot of overlap – both in terms of general approach and specific measures. This means that a lot of the work you do for one set of requirements can be replicated for others.
For example, both regulations focus on security, incident response and performance evaluation, and they each establish requirements for incident reporting. Additionally, both stipulate that these measures should be risk-based and recognise technical and organisational solutions.
This shouldn’t be a surprise, because risk-based approaches are at the heart of cyber security and business continuity. Without accurate information about the threats you face, it’s difficult to make sure you’re allocating resources correctly and addressing issues adequately and proportionately.
Knowing where to begin with a project is often an organisation’s biggest challenge, but this is doubly true for information security and business continuity because there is so much pressure to get it right. Mistakes early on won’t only lead to delays and sunk costs; they could also jeopardise an organisation’s security and result in fines or disciplinary action.
You can make sure you get started on the right track by downloading GDPR and NIS Regulations – A business opportunity for Cloud providers. This free green paper goes into more detail about the ways in which you can make the new regulations work for you.
It explains the key requirements you need to meet, and draws parallels between the two regulations, helping you simplify the compliance process. It also includes advice on the steps you can take to ensure compliance, and suggests tools and services that you can use.
Our new NIS Regulations pocket guide is the essential guide for DSPs (digital service providers), offering an overview of the Regulations and the impact they have, as well as providing you with expert compliance advice.