Main regulations affecting information security - European Union

GLOBAL: universal regulations or standards, applicable to entities worldwide.

Who's impacted: entities to which the standards or regulations apply.

GLOBAL

Risk Management

Basel II

The aim of this regulation is to better align bank capital requirements with underlying risks. Banks are required to monitor, mitigate and disclose risk.

http://www.bis.org/publ/bcbsca.htm

Who's impacted?

  • Global financial services organizations
  • International banks with assets greater than $250 billion or foreign exposures greater than $10 billion.

Payment Card Industry (PCI) Data Security Standard

The aim of this standard is to provide a single set of security requirements to be used by all payment organizations. Merchants and service providers should use the standard to assess their security status.

https://www.pcisecuritystandards.org/

Who's impacted?

  • All members, merchants, and service providers that store, process, or transmit cardholder data.


EUROPEAN UNION

Privacy

EU Data Protection Directive (EU DPD)

This directive covers the processing of personal data, including automatically-processed data and manual data in a filing system. Organizations must implement appropriate measures to protect personal data against unauthorized access, accidental or unlawful destruction, accidental loss, alteration or unauthorized disclosure.

The US Safe Harbor Arrangement is a streamlined process for US companies to comply with the Directive.

http://www.cdt.org/privacy/eudirective/EU_Directive_.html

Who's impacted?

  • Member countries and other countries that do business with them.

EC Privacy and Electronic Communication Regulations (EC Directive) - 2003

This directive protects the public from electronic marketing practices that cause nuisance, offence and invasion of privacy. It calls for security measures to be put in place to ensure that electronic marketing records are both available and correct. Electronic service providers are required to maintain system and network uptime as well as implement security measures to protect customer data.

http://europa.eu.int/comm/justice_home/fsj/privacy/law/index_en.htm

Who's impacted?

  • Organizations that use email marketing
  • Telecom companies and ISPs, which must implement additional security technologies and practices to safeguard their services.

Information Integrity

EU Annex 11, Computerized Systems

The main aim of this regulation is to ensure that "records are accurately made and protected against loss or damage or unauthorized alteration so that there is a clear and accurate audit trail throughout the manufacturing process".

http://www.labcompliance.com/documents/europe/h-213-eu-gmp-annex11.pdf

Who's impacted?

  • Pharmaceutical manufacturers using computerized systems.
