Several sector-specific studies on EU data protection and cybersecurity frameworks can be found in the literature, but their differing legal domains has hindered the development of a common analysis of the different sets of provisions from a business perspective. This article sets out to bridge this gap, providing a systematic review and a cross-cutting operational analysis of the main legal instruments that constitute the common European approach to personal data and cybersecurity regulation for the business sector. We aim to demonstrate the existence of a core of common principles and procedural approaches referring to specific cybersecurity and data security technologies. Analysis reveals a coordinated regulatory model based on five pillars: risk-based approach, by-design approach, reporting obligations, resilience and certification schemes. We also highlight the relationship between the main directives and regulations.

The common EU approach to personal data and cybersecurity regulation / Mantelero, Alessandro; Vaciago, Giuseppe; Esposito, Maria Samantha; Monte, Nicole. - In: INTERNATIONAL JOURNAL OF LAW AND INFORMATION TECHNOLOGY. - ISSN 0967-0769. - STAMPA. - 28:4(2020), pp. 297-328. [10.1093/ijlit/eaaa021]

The common EU approach to personal data and cybersecurity regulation

Mantelero, Alessandro;Esposito, Maria Samantha;Monte, Nicole
2020

Abstract

Several sector-specific studies on EU data protection and cybersecurity frameworks can be found in the literature, but their differing legal domains has hindered the development of a common analysis of the different sets of provisions from a business perspective. This article sets out to bridge this gap, providing a systematic review and a cross-cutting operational analysis of the main legal instruments that constitute the common European approach to personal data and cybersecurity regulation for the business sector. We aim to demonstrate the existence of a core of common principles and procedural approaches referring to specific cybersecurity and data security technologies. Analysis reveals a coordinated regulatory model based on five pillars: risk-based approach, by-design approach, reporting obligations, resilience and certification schemes. We also highlight the relationship between the main directives and regulations.
File in questo prodotto:
File Dimensione Formato  
eaaa021_pub version.pdf

accesso aperto

Descrizione: Versione_pubblicata_OA
Tipologia: 2a Post-print versione editoriale / Version of Record
Licenza: Creative commons
Dimensione 288.32 kB
Formato Adobe PDF
288.32 kB Adobe PDF Visualizza/Apri
Pubblicazioni consigliate

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11583/2892253