Cybersecurity Is NOT an Entry-Level Position

Summary: Cybersecurity lacks actual entry-level positions; roles often require specific expertise. Professionals argue that experience in IT, especially help desk roles, is essential for transitioning into cybersecurity. While some advocate educating newcomers, others suggest traditional paths through IT. Companies face challenges in training due to budget constraints, leading to reliance on existing employees for workforce development. The industry must clarify job expectations and support various entry points to attract diverse talent.

https://cisoseries.com/cybersecurity-is-not-an-entry-level-position/

Data Sovereignty in Focus as Europe Scrutinizes US Cloud Influence

Europe increasingly scrutinizes US cloud influence amid data sovereignty concerns, particularly after Trump’s election. Stricter EU regulations like GDPR, NIS2, and DORA aim to protect data, yet US laws such as FISA 702 and the CLOUD Act pose risks. US cloud providers have launched EU-compliant operations, but doubts remain about their ability to protect EU data from US access. EU organizations are advised to use local storage options to ensure data sovereignty.

https://blocksandfiles.com/2025/03/27/eu-data-sovereignty-and-trumps-usa/

Spain’s NIS2 Cybersecurity Overhaul: Prepare for the New Cybersecurity Framework

Spain is implementing a draft cybersecurity law to align with the EU NIS2 Directive, expanding regulations to more “essential” and “important” entities, particularly in critical sectors like energy and finance. Companies must assess their regulatory status and enhance cybersecurity practices, covering incident detection, data protection, and supply chain security. Mandatory registration with the National Cybersecurity Centre is required within three months of designation, with transitional deadlines for service providers. The law emphasizes board-level governance, requiring appointed security officers and regular training. Non-compliance could result in significant financial penalties and reputational harm. Proactive measures are advised for compliance and risk mitigation.

https://www.osborneclarke.com/insights/spains-nis2-cybersecurity-overhaul-prepare-new-cybersecurity-framework

NIS2: What Do We Know so Far About the EU’s Expanded Cyber Security Regulation?

NIS2 is the EU's enhanced cyber security regulation targeting mid- and large-sized organizations in critical sectors, extending beyond previous sectors like finance and energy to include food production, waste management, and more. It imposes higher compliance penalties, stricter reporting, employee training, and robust risk management measures. Managed Security Service Providers (MSSPs) are crucial in helping clients navigate and comply with NIS2 by ensuring infrastructure readiness, providing training, conducting risk assessments, implementing security controls, and maintaining continuous monitoring. MSSPs can leverage partnerships, such as with Check Point, for advanced support in fulfilling NIS2 requirements effectively.

https://blog.checkpoint.com/mssp/nis2-what-do-we-know-so-far-about-the-eus-expanded-cyber-security-regulation/

The Clock Is Ticking: Are You Ready for PCI DSS 4.0?

The PCI DSS 4.0 compliance deadline is March 31, 2025. Organizations must meet new requirements, including expanded multi-factor authentication (MFA), longer passwords, automated application protection, and enhanced training programs. Thales and Imperva can assist with compliance through data security, application protection, and identity management solutions. Compliance is critical to avoid significant financial penalties and to build consumer trust in data handling.

https://securityboulevard.com/2025/03/the-clock-is-ticking-are-you-ready-for-pci-dss-4-0/

Responsible Data Use In An Age Of AI

The EU AI Act sets regulations for AI systems, emphasizing ethical data use and transparency. Businesses must comply with evolving guidelines to safeguard privacy without stifling innovation. Key steps include clear data governance, regular risk assessments, human oversight, and employee training to balance compliance with ongoing AI development.

https://www.forbes.com/councils/forbestechcouncil/2025/03/27/responsible-data-use-in-an-age-of-ai/

AI Act and the Automotive Industry

TLDR: The EU AI Act, effective August 2024, introduces sector-neutral regulations for AI in the automotive industry, aimed at addressing safety risks. It classifies AI systems into high-risk and low-risk categories, imposing compliance requirements especially on systems related to autonomous vehicles. These regulations aim to ensure safety and accountability while requiring automotive stakeholders to adapt to new standards, challenging both EU and non-EU companies entering the market.

https://www.taylorwessing.com/en/insights-and-events/insights/2025/03/ai-act-and-the-automotive-industry

The Data Act: Six Months to Go — But What To Do?

The Data Act, effective September 12, 2025, mandates greater data access and sharing for IoT products in the EU, including medical devices. It requires manufacturers to design products for easy, secure data access, impacting how they handle both personal and non-personal data under GDPR. With six months until implementation, businesses should prepare technically and organizationally, updating contracts to comply with new data-sharing requirements.

https://www.ropesgray.com/en/insights/viewpoints/102k6pq/the-data-act-six-months-to-go-but-what-to-do

Balancing GDPR Data Access Rights Against the Rights of Others

Balancing GDPR access rights has become challenging for controllers, particularly where the right of access conflicts with competing rights such as third-party privacy. Article 15(3) GDPR grants individuals access to their personal data, but Article 15(4) allows limitations where that access affects others' rights. The EDPB provides guidelines emphasizing a case-by-case assessment to weigh rights and justify access limitations. The DPC recently highlighted that restrictions should be evidence-based, particularly in sensitive situations. Controllers must document decisions effectively and seek legal advice to navigate potential risks while adhering to GDPR.

https://www.arthurcox.com/knowledge/balancing-gdpr-data-access-rights-against-the-rights-of-others/
