Author name: CIO

CJEU Issues Judgment on Balancing the Right of Access and Protecting Trade Secrets in Automated Decision-making Processes

The CJEU's Feb 27, 2025 judgment in CK v Dun & Bradstreet clarifies GDPR provisions on access to personal data and automated decision-making. It requires that data subjects receive meaningful, concise explanations without full algorithm disclosure. Controllers must balance transparency with trade secret protection, sharing relevant information with supervisory authorities for cases involving trade secrets. The ruling rejects blanket legal exclusions for access rights based on trade secrets, requiring case-by-case assessments.

https://www.aoshearman.com/en/insights/ao-shearman-on-data/cjeu-issues-judgment-on-balancing-the-right-of-access-and-protecting-trade-secrets

The CISO as Business Resilience Architect

CISOs must adapt to rising regulatory pressures and evolving cyber threats, leading the way in resilience strategies while managing compliance. Their roles may evolve from purely cybersecurity to overseeing overall business resilience, integrating AI, and collaborating closely with IT and senior management. The CISO's focus will shift towards designing security architectures that support growth and adaptability, making them essential in the boardroom.

https://www.darkreading.com/vulnerabilities-threats/ciso-business-resilience-architect

EU AI Act Roadmap: What Does the AI Act Mean for Your Organization?

The EU AI Act requires organizations to implement a governance system for AI systems, classify them by risk, and prepare for compliance within two years. Violations can incur hefty penalties. Companies should establish clear responsibility lines among IT, legal, and compliance teams, conduct risk assessments, and create an inventory of AI solutions. A proactive approach is needed to meet the law's requirements and mitigate risks involved with AI usage.

https://www.ey.com/en_nl/insights/ai/eu-ai-act-roadmap-what-does-the-ai-act-mean-for-your-organization

Industry Flags ‘Serious Concerns’ With Latest Draft of EU AI Code of Practice

Industry expresses major concerns over the draft EU AI Code of Practice, highlighting unresolved copyright issues and burdensome obligations that could hinder AI innovation. Critics from various sectors say the code lacks legal clarity and fails to address key risks effectively. Feedback on this draft is open until March 30, with a final version expected by May.

https://www.euronews.com/next/2025/03/12/industry-flags-serious-concerns-with-latest-draft-of-eu-ai-code-of-practice

EU AI Act: Latest Draft Code for AI Model Makers Tiptoes Towards Gentler Guidance for Big AI

The EU AI Act's new draft Code for AI model makers offers gentler guidance for compliance, aiming to clarify obligations around transparency and copyright for general purpose AI providers. Feedback for finalizing the Code is being collected until March 30, 2025, amidst concerns about potential overregulation as the EU responds to pressures from the U.S. administration. Key aspects include streamlined commitments and nuanced language that may benefit larger AI companies' data practices. The final version will clarify roles and responsibilities of AI model makers.

https://techcrunch.com/2025/03/11/eu-ai-act-latest-draft-code-for-ai-model-makers-tiptoes-towards-gentler-guidance-for-big-ai/

CISOs and CIOs Forge Vital Partnerships for Business Success

CISOs and CIOs are increasingly collaborating to enhance cybersecurity and support business objectives amid rising threats. Key partnerships focus on strategic planning, transparency, and shared goals, with CISOs often reporting directly to CEOs or alongside CIOs. Successful examples include Webster Bank and United Airlines, where alignment fosters innovation and efficient risk management. Open communication and a business-oriented mindset help CISOs avoid being perceived as bottlenecks, allowing for proactive involvement in strategic discussions to mitigate risks effectively.

https://www.csoonline.com/article/3841624/cisos-and-cios-forge-vital-partnerships-for-business-success.html

How CISOs Are Tackling Cyber Security Challenges

CISOs are addressing cybersecurity challenges by focusing on understanding business needs, enhancing organizational resilience, and improving communication with boards. Notable insights from industry leaders at the Gartner Security and Risk Management Summit highlight the importance of protecting key assets while balancing costs. Effective strategies include fostering relationships with board members, ensuring robust backup practices, and redundancy in cloud architectures. In particular, experts stress the need for disaster recovery planning to swiftly manage incidents and the importance of applying governance across all business areas, similar to operational practices in stores.

https://www.computerweekly.com/news/366620535/How-CISOs-are-tackling-cyber-security-challenges

Navigating NIS 2: Mastering Compliance and Risk in a Fragmented Cybersecurity Landscape

NIS 2 Directive Overview: NIS 2 aims to enhance EU cybersecurity by imposing minimum standards and responsibilities on businesses, including sectors like health, banking, and energy. However, fragmented implementation across Member States poses compliance challenges. This webinar addresses these key issues for organizations navigating NIS 2 compliance.

https://www.whitecase.com/insight-webinar/navigating-nis-2-mastering-compliance-and-risk-fragmented-cybersecurity-landscape

NIS2: a Matter for Lawyers, IT Professionals — or Both?

NIS2 emphasizes data security and resilience across sectors. Sebastiaan ter Wee discusses its impact on lawyers and IT professionals, highlighting the need for collaboration. The European focus on privacy under GDPR contrasts with the US's data protection approach. A disconnect exists between cybersecurity and legal departments, which can lead to operational and liability risks. NIS2 broadens responsibilities, urging directors to ensure compliance and understand cybersecurity. Successful integration of legal and IT roles is essential for maintaining effective information security and risk management.

https://www.deloitte.com/nl/en/services/risk-advisory/perspectives/nis2-voor-juristen-iters-of-allebei.html
