Cybersecurity

  • cybersecurity
  • data protection
  • GDPR
  • NIS2
  • DORA
  • security audits
  • pentesting
  • protection from cyberattacks
  • IT systems
  • digital service providers
  • key service operators

As part of our services, our law firm provides legal assistance to help clients implement regulations governing data protection. Given the rapid pace of technological development, we offer specialized legal services that extend beyond ordinary personal data protection to cover other valuable company data, often confidential and critical to the operations of companies or entities providing essential public services.

For larger enterprises that process data, the most significant factor is the IT solutions used to secure that data. We understand that the correct implementation of cybersecurity standards requires close collaboration between IT professionals, programmers, and qualified legal counsel.

Understanding the type of data held by the client, together with their network and IT system environment, is crucial to establishing a data protection policy and implementing appropriate cybersecurity risk management procedures and measures.

Legal Support for Essential and Important Entities

We assist our clients in meeting the challenge of implementing appropriate access control policies and safeguards against cyberattacks in accordance with Directive (EU) 2022/2557 (NIS2), which applies to, among others:

  • Healthcare providers and medical device manufacturers
  • Postal service operators
  • Rail transport companies
  • Companies involved in food processing and distribution
  • Waste management enterprises
  • Providers of digital infrastructure, including cloud services
  • Companies involved in the production, manufacturing, and distribution of chemicals
  • Manufacturers of electronic goods, automobiles, machinery, and equipment
  • Public administration
  • Banking institutions

Furthermore, we provide legal advice on fulfilling the obligations imposed on financial sector entities and ICT service providers under Regulation (EU) 2022/2554 (DORA), which must be implemented by January 2025. Consulting with qualified legal counsel is essential, as financial entities and external ICT service providers must ensure that their service agreements, including those supporting critical or important functions, incorporate the key provisions set out in DORA.

Cybersecurity Procedures and Legal Documentation

Our firm’s legal services also include drafting, among others:

  • Software update procedures
  • Data security testing procedures
  • Backup procedures
  • Data replication and business continuity plans (BCP)
  • Agreements with external IT auditing firms or Certified Ethical Hackers for conducting security testing and entrusting access to data, including personal data

Legal assistance is essential to assess whether a given method of software or IT infrastructure testing infringes on intellectual property rights. Penetration testing may interfere with copyrights on computer programs and involve the risk of personal data breaches.

Coordination between the client’s team and the law firm is crucial for assessing the risk of data breaches and selecting the appropriate data security measures. Cybercriminals and hackers, who benefit from technological advances, including artificial intelligence (AI), are using increasingly sophisticated methods to breach security and gain unauthorized access to data.

Every company and individual employee can fall victim to cyberattacks such as malware, phishing, or vishing, in which fraudsters use AI systems to simulate identities.

Staying up to date on technological advancements and on new cyberattack methods and threats is essential for data security. We therefore offer legal support in conducting training on the legal aspects of cybersecurity for management teams and company personnel.
