International Regulations and Compliance
International compliance aligns privacy, cybersecurity, physical security, and supply chain controls. Goal: mitigate operational risk and penalties, ensure continuity and trust across markets.
Data protection (GDPR)
- Lawful bases (Art. 6): consent, contract, legal obligation, vital interests, public task, legitimate interests. Every processing activity needs one, chosen and documented before processing starts.
- Principles (Art. 5): lawfulness, fairness and transparency; purpose limitation; data minimisation; accuracy; storage limitation; integrity and confidentiality; accountability.
- Obligations: records of processing (Art. 30), security of processing appropriate to the risk (Art. 32), DPIA for high-risk processing (Art. 35), DPO where required (Art. 37), handling of data subject rights (Arts. 12 to 22).
- Breach: notify the supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware (Art. 33), unless the breach is unlikely to result in a risk to individuals; inform affected individuals without undue delay where the risk is high (Art. 34). Processors must notify the controller without undue delay; the 72-hour clock belongs to the controller.
Cross-border transfers
- Adequacy decisions (Art. 45): the Commission recognises a third country, territory or sector (or a framework within it, such as the EU-US Data Privacy Framework) as providing essentially equivalent protection; no further transfer safeguard is needed.
- Standard Contractual Clauses (Art. 46): Commission-approved model clauses for transfers to non-adequate countries. Since Schrems II the exporter must also carry out a transfer impact assessment and apply supplementary measures (for example encryption with keys held only in the EU) where the destination's laws undermine the clauses.
- Binding Corporate Rules (Art. 47): intra-group transfer policies approved by the competent supervisory authority.
Horizontal cybersecurity (NIS2)
- Directive (EU) 2022/2555: minimum requirements for "essential" and "important" entities in listed sectors (energy, transport, health, digital infrastructure, public administration and others), transposed by Member States by 17 October 2024.
- Risk management measures (Art. 21) covering incident handling, business continuity, supply-chain security, secure development and vulnerability handling, cryptography, access control and MFA; staged incident reporting (early warning within 24 hours, incident notification within 72 hours, final report within one month); supervision and audits; management bodies must approve and oversee the measures and can be held liable; fines up to EUR 10 million or 2 % of global turnover for essential entities (EUR 7 million or 1.4 % for important entities).
Financial sector (DORA)
- Regulation (EU) 2022/2554, applicable from 17 January 2025: ICT operational resilience for banks, insurers, investment firms, payment institutions and other regulated financial entities.
- Pillars: ICT risk management framework; classification and reporting of major ICT-related incidents; digital operational resilience testing, including threat-led penetration testing (TLPT) at least every three years for entities designated by their competent authority; ICT third-party risk, with an EU oversight regime for critical ICT third-party providers; voluntary cyber threat information sharing.
Standards and frameworks
- ISO/IEC 27001: certifiable requirements for an information security management system (ISMS); risk-based selection of controls against Annex A (93 controls in the 2022 edition) and continual improvement of the ISMS.
- NIST CSF 2.0: six functions, Govern, Identify, Protect, Detect, Respond, Recover; voluntary and outcome-based, commonly used to structure a programme and map it onto ISO/IEC 27001 or sector rules.
Maritime security
- SOLAS Chapter XI-2 / ISPS Code: Part A is mandatory, Part B is guidance; ship security plans, port facility security plans, designated ship, company and port facility security officers, and three security levels (1 normal, 2 heightened, 3 exceptional) governing the ship, port and ship/port interface.
Supply chain and customs
- EU AEO (Union Customs Code): AEOC for customs simplifications, AEOS for security and safety; requires demonstrated supply-chain security (premises, cargo handling, personnel, business partners) and brings fewer customs controls and mutual recognition with partner countries.
Governance and operations
- Roles: Controller and Processor (GDPR accountability), DPO (independent advice and contact point for the supervisory authority), CISO (owns the security programme); under NIS2 and DORA the management body carries ultimate accountability.
- Policies: data classification, access control, retention and deletion, incident response and breach notification, supplier and third-party security.
- KPIs and audits: periodic technical tests and exercises, training completion, an incident register that tracks statutory reporting deadlines, internal and external audits, continuous improvement.
