Directive on Security of Network and Information Systems

Adam Palmer, Director of International Government Affairs, FireEye, provides his view about Directive on Security of Network and Information Systems.

Adam Palmer, Director of International Government Affairs at FireEye:

“The EU NIS directive will have a fundamental impact on the way that most organisations in European Union member states implement security policies and report breaches. Organisations of all sizes will now need to adopt mitigation measures that will manage risk stemming from zero-day exploits and never-seen-before malware as these attacks constitute the majority of advanced attacks in today’s threat environment.

Recent research carried out by FireEye shows that many organisations are not fully prepared for the implementation of this legislation, so it is critical to react now to be in compliance and not be caught unprepared as the 21month timeframe kicks in.

In the wake of Brexit, in practical terms UK organisations should, of course, still look to be compliant with this new European legislative measure. Baring in mind that the timeline for UK withdrawal from the EU is at least two years it will be expected that the UK comply with the new law, which will come into effect in May, 2018. Timeframes aside, in future the UK will still be subject to this legislation where UK companies process EU citizens’ personal data in connection with their offer of goods or services, or if they provide “monitoring” activities. The same applies if a group company is located in the EU or have staff operating within any EU member state.

Long-term, the UK will need to ensure it finds a way to be considered as a country with an adequate level of data protection, so that neither data storage or data transfer will prove problematic. The UK Data Protection Authority would also do well to encourage the UK government to align with EU data protection laws in order to safeguard the trust of global customers.”