The new and the old: NIS2 and GDPR in corporate information security

By: Trademagazin Date: 2024. 02. 21. 11:16

If you had to name a law that was created specifically for the protection of information in the European Union, almost without exception, GDPR would be the first thing that comes to mind. It’s no wonder: since May 25, 2018, all companies that manage personal data, such as keeping records of employees or private customers, have had to familiarize themselves with the General Data Protection Regulation (GDPR).

NIS2 (Network and Information Systems Directive, version 2) is probably still mentioned by very few company managers today when it comes to information protection, even though from October 18, 2024, the companies involved must also operate this new information security framework.

Is NIS2 the new GDPR?

The two laws set very similar goals, which is why they invite comparison. At the same time, NIS2 will not replace the GDPR, even though the new legislation sets much more complex expectations regarding the protection of information systems and the data stored in them. So NIS2 is not the new GDPR. A comparison of the two frameworks, however, can help to understand the new obligations and provide guidance for preparing for them.
