Journal
COMPUTER LAW & SECURITY REVIEW
Volume 52, Issue -, Pages -Publisher
ELSEVIER ADVANCED TECHNOLOGY
DOI: 10.1016/j.clsr.2023.105914
Keywords
Cybersecurity; Appropriate technical and organisational; measures; IT systems; GDPR; Risk assessment; Compliance obligations
Categories
Ask authors/readers for more resources
Cybersecurity is a debated topic in both technical and legal scholarship, with entrepreneurs increasingly aware of the impact of security incidents on their businesses. This article provides guidance on assessing the concept of 'appropriate technical and organizational measures' through cybersecurity maturity models, offering an opportunity to bridge the gap between technical insight and legal compliance.
Cybersecurity is a much-debated topic in both technical and legal scholarship. With contemporary business models hinging on highly performant information systems, there is increased awareness among entrepreneurs that security incidents often have devastating consequences on undertakings' revenue streams, intellectual property, and brand reputation. As a result, there is an increased focus on the obligation to implement cybersecurity measures. In the context of the GDPR, cybersecurity obligations seem to converge on the requirement to deploy 'appropriate technical and organisational measures' in order to ensure a level of security commensurate with the risks posed to an organisation. Yet, given the complex and rapidly evolving nature of the subject matter, the precise meaning and scope of these obligations remain unclear. This contribution offers guidance on how to assess the concept of 'appropriate technical and organisational measures' by considering it through the lens of cybersecurity maturity models. Accordingly, this article provides anchorage to scholarly audiences when scrutinizing the extent to which privacy and security measures qualify as 'appropriate' in the context of liability claims and actions for damages, thereby creating an opportunity to move from technical insight to legal compliance.
Authors
I am an author on this paper
Click your name to claim this paper and add it to your profile.
Reviews
Recommended
No Data Available