Article 19, which is the main focus of this document, of the eIDAS Regulation, states that Trust Service Providers have to demonstrate due diligence, in relation to the identification of risks and adoption of appropriate security practices, and…
Implementation of Art 15: Security breaches notifications in trust services
The European Commission proposed on July 2012 a draft regulation on electronic identification and trust services for electronic transactions in the internal market, which will replace the existing Electronic Signature Directive 1999/93/EC. Article…
Proposal for One Security Framework for Articles 4 and 13a
There are two pieces of EU legislation which explicitly mention security measures in the telecom sector: Article 4 of the e-Privacy directive asks providers to take security measures to protect security of personal data processing. Article 13a of…
Securing Personal Data in the Wake of AI
This year’s Annual Privacy Forum focused on pressing personal data protection challenges raised by the ever faster-paced developments witnessed today in digital technologies and legislative initiatives.
Annual Privacy Forum (APF) 2025
After 12 years, the Annual Privacy Forum (APF) enters into a new era! ENISA passes the baton to Goethe University Frankfurt and Karlstad University for the continuation of the successful event that bridges research and policy…
Securing Personal Data: a risk-based approach
To mark Data Protection Day 2020 on 28 January, the EU Agency for Cybersecurity launches an online platform to assist in the security of personal data processing; this platform implements a risk-based approach to personal data security as a means to…
Call for advisory group: Personal data security in small and medium organizations
ENISA launches an advisory group to contribute in developing “a framework on appropriate security measures for the processing of personal data in small and medium organizations”.
Cybersecurity to the Rescue: Pseudonymisation for Personal Data Protection
ENISA’s new report explores pseudonymisation techniques and use cases for healthcare and information sharing in cybersecurity
Pandemic urges strong measures to address risks on the security of personal data
The 9th edition of the Annual Privacy Forum was co-organised by the EU Agency for Cybersecurity (ENISA), the European Commission (Directorate General for Communications Networks, Content and Technology) and the University of Oslo, with the support…