The EDPB and EDPS have adopted a Joint Opinion on the proposal for a Cybersecurity Act 2 (CSA2) and amendments to the Network and Information Security 2 (NIS2) Directive.
The Commission’s proposal aims to maximise the effectiveness of cybersecurity measures and streamline how organisations remain compliant. While we welcome these efforts, we emphasize that the processing of personal data must remain limited to what is strictly necessary and must not undermine fundamental rights.
📃 Key recommendations:
- Strengthening ENISA: We support the general objective to reinforce the European Union Agency for Cybersecurity (ENISA) and facilitate the uptake of cybersecurity certifications.
- Clear coordination: We welcome that ENISA’s advice would be issued upon prior request from the EDPB, ensuring clear division of responsibilities. We suggest adding the EDPS as a potential requestor for such advice.
- One place for data breach notifications: In line with our previous Digital Omnibus opinion, we support a single-entry point for notifying personal data breaches to reduce administrative burdens for organisations.
- Consistent certification: The relationship between the European Cybersecurity Certification Framework and GDPR certification must be clarified to ensure consistency across the EU.
- Broader skills framework: The European Cybersecurity Skills Framework should not be limited to cybersecurity professionals, and should include a general workforce profile.
- Digital Identity Wallets: We welcome the designation of European Digital Identity and Business Wallet providers as ‘essential entities’ under the NIS2 amendments.
“Our hope is that this new mandate fosters the synergies needed to create a robust ecosystem where security and privacy go hand in hand,” stated Wojciech Wiewiorowski, @Supervisor.
🔎Read the press release: https://lnkd.in/ewkGvgSs
🔎Read the joint opinion: https://lnkd.in/e5ncjfZ2
