The Upper House of the Dutch parliament recently adopted the Data Processing and Cybersecurity Reporting Obligation Act (Wet gegevensverwerking en meldplicht cybersecurity). What are the consequences of this approval, in general and specifically for the Energy sector?
The interview with Jeroen Naves and Margot van Meeuwen-Verbaan published on Energeia.nl on 1 August 2017 is available in Dutch here.
If you would like to be sure whether or not the Cybersecurity Reporting Obligation applies to your organisation, click here to read more about the subject.
Cybercrime is fast becoming one of the biggest challenges for government authorities and businesses. The list of hacked authorities and businesses is getting longer by the day, and the associated damage to reputation is always serious. And in its annual report for 2016, the Dutch General Intelligence and Security Service (AIVD) already then referred to digital espionage with an economic motive as 'a source of concern' and discussed various cases in which cybercrime had led to the sabotage of vital processes or the infliction of physical and political damage.
If cybersecurity was not yet high on your agenda as a company or government authority, it probably has become an important agenda item after the global ransom software attack in May 2017. The prevention and adequate handling of cyber incidents has thus become a priority.
We would be happy to advise you on the legal measures you can take to reduce the chances of a successful cyber attack and, should an attack take place, to limit its impact. Our Cybersecurity Team consists of specialists in the fields of privacy law, procurement law, ICT contract law, liability law and criminal law.
The Cybersecurity Team can provide advice on how to limit the chances of undesirable parties gaining control over your ICT infrastructure during your tendering and contracting activities. The team would also be happy to assist you in implementing legislation and regulations in the field of cybersecurity, such as the Data Processing and Cybersecurity Reporting Obligation Act.
We are also on hand to help if your organisation does suffer a cyber attack. Together with other internal and external advisors, the team will ensure that the impact of the cyber attack is kept to a minimum, with speed and efficiency being of paramount importance. In addition to the more practical steps that need to be taken, we can help you with all the legal aspects that your organisation has to deal with in the event of a cyber attack. Examples include taking stock of whether an incident has consequences for contracts concluded with third parties, and making reports to the Dutch Data Protection Authority, the Netherlands Authority for the Financial Markets and, in the future, possibly the NCSC. Once the cyber attack is over, you may want to investigate how to recover any damage you have suffered.
If you have any questions about how to respond before, during or after a cyber attack, please contact us. We would be happy to discuss this with you.