Author: Editor

The Legal Look – A spinning approach towards encryption

By Victor de Pous

If it is up to Justice and Security Minister Ferd Grapperhaus, technology companies must hand over a decryption key to law enforcement agencies if an investigating criminal judge orders so, for example in a case about transmitting child pornography via WhatsApp or Telegram, which use end-to-end encryption. The fierce discussions about government access to encrypted private communication versus privacy protection are old – originally called the “crypto wars” – but have now taken the Netherlands by surprise because the government, until recently, held on to its stone and finished encryption policy with the Leitmotiv: “Cryptography plays a key role in technical security in the digital domain.” Suddenly the wind blows from a diametrical angle.

Regulating encryption with special legislation – or rather not – is a fine example of divided interests and opinions in the digital society and a lasting legal trend at the same time, just as changing fundamental...


It’s about time we stopped talking about security…

By Dennis de Geus - Capgemini

This may sound strange from someone who is earning a living with advising organizations on how to protect themselves from the evil threats in the digital world. So, before I’m either cast out by the cyber community or ruin opportunities to help organizations in the future: let me clarify this a bit further.

Being nothing but a hygiene factor

Not a day goes by that we don’t read about another cyber attack in the news. This constant focus in the media is having its effect on the awareness of the topic among the leadership of organizations. And the cyber industry is faring well with it. New players are entering the stage with clockwork precision and if you want, you can visit another conference every week. And when I visit such a conference I tend to hear the same message: “We need to invest in cyber security to protect our digital...


If you’re relying on consent, you’re doing it wrong under the GDPR

By Arnoud Engelfriet

Ever since the GDPR went into effect, companies have worked hard to achieve compliance. However, one key mistake keeps on popping up: asking consent as a legal basis for some processing of personal data. It is strange that companies would rely on this ground, because it has the strictest legal requirements and is the most difficult to work with. Yet the myth persists that you should seek consent. Please stop.

Consent is of course one of the ways to acquire a so-called ‘ground for processing’, a legal basis required by the GDPR. Without such a ground, any processing is unlawful. There are other grounds, notably the performance of an agreement and the legitimate interest, but those grounds have scary-sounding requirements like necessity or a balance of interests. Asking consent thus seems logical; you explain what you are going to do and you get a clear and voluntary “yes please”. Right?

Wrong....


PSD2: A Crucial Link in Building the New Digital Europe

By Edwin van Gorp and Chris Barbiers

A lot of hard work is being done to launch Payments Service Directive - Part 2. But why do we actually need PSD2? And what does this mean for the financial services market? Time to let go of the daily worries and details of PSD2 and to reflect on the larger context, the objectives of the European Commission (EC) and the emergence of the new financial Europe. The PSD2, together with GDPR, is a great piece of European politics. PSD2 is one of the pieces to the puzzle of the European Commission in the construction of a strong internal European market. The idea behind this plan is simple: if we remove barriers within Europe as far as possible, we create a strong internal trade market. As a result, Europe remains a strong player on the world stage, compared...


Technical and Organizational Controls in a Processor Agreement

Technical and Organizational Controls in a Processor Agreement: How do you make them work?

By Marianne Korpershoek

When an organization outsources its processing of personal data, the GDPR requires the company to only use processors that can provide adequate guarantees for their security level. In itself, laying down the security requirements in a data processing agreement was a rule that was already covered by the old law, but the ‘guarantee’ requirement that an organization will now need to have is a big step further in assuring whether there are actually sufficient technical and organizational controls implemented by the processor. Especially now that there are more and more providers of handy apps and cloud applications in which tasks are taken care of.

Consider, for example, an app for pre-employment checks, for video job applications, and so on. Can you still rely on the Guidelines on...


Talking with Jaya Baloo – Chief Information Security Officer KPN

By Claudia Zuidema

Two months ago a mister Mao Zhang sent me an email. “This is your bad luck. I hacked your password ***** and I know all your secrets.” If I didn’t transfer 3000 bitcoins to Mr. Zhang within a week, he threatened to send all kinds of files and photos to my business relations.

When Jaya Baloo (https://jobs.kpn.com/vakgebied/security/jaya-baloo-en-de-eredivisie-van-cybersecurity/), KPN’s Chief Information Security Officer (CISO), states that cybersecurity is a daily issue, she’s right. I met with KPN’s leading lady of cybersecurity at the Security Operations Center (SOC) in Hilversum while she was in the middle of a RED Team meeting.

My first, a little bit corny question, you are a well-known CISO in the World’s Top 100 Chief Information Security Officers list, what’s your biggest professional challenge?

‘KPN is a very large company and that means that there are many challenges. We have to be...


PSD2 and the GDPR, a Happy Marriage or a Bad Partnership?

By Ady van Nieuwenhuizen

The Payment Service Directive 2 (PSD2) is a new European directive for payment services. The directive must ensure uniformity of payments within the European Union. The ultimate goal is to alleviate the concerns with the monopolistic position of banks and to ensure more competition and innovation. An additional goal is to remove the barriers for new entrants to the payment market.

In order to be able to bring this payments uniformity into reality, it is necessary, among other things, to make use of personal data. This unavoidable consequence can lead to clashes with the new privacy legislation, the General Data Protection Regulation (GDPR). All providers of payment services must not only comply with the GDPR, but in the future also with the PSD2. This is the reason why it is important that the PSD2 is in tune with the GDPR.

By...
