Novel EU Legal Requirements in Big Data Security: Big Data - Big Security Headaches?

• Author: Jasmien César - Julien Debussche
• Position: The authors are associates at the law firm Bird & Bird LLP, Brussels
• Pages: 79-88

Novel EU Legal Requirements in Big Data Security

2017

79

1

Novel EU Legal Requirements

in Big Data Security

Big Data – Big Security Headaches?

by Jasmien César and Julien Debussche, the authors are associates at the law firm Bird & Bird LLP, Brussels,

toreador@twobirds.com

© 2017 Jasmien César and Julien Debussche

Everybody may disseminate this ar ticle by electronic m eans and make it available for downloa d under the terms and

conditions of the Digital P eer Publishing Licence (DPPL). A copy of the license text may be obtain ed at http://nbn-resolving.

de/urn:nbn:de:0009-dppl-v3-en8.

Recommended citation: Jasmi en César and Julien Debussche, Novel EU Legal Requirements in Big Dat a Security: Big Data –

Big Security Headach es?, 8 (2017) JIPITEC 79 para 1.

tinence for big data service providers. In addition, it

lays down practical recommendations for the imple-

mentation of those requirements into the internal

security strategies of big data service providers.

Abstract: This paper aims to provide an over-

view of the new legal requirements related to secu-

rity and breach notification imposed on businesses

in the European Union and to demonstrate their per-

A. Security

1

As highlighted by the European Commission in its

Communication “Towards a thriving data-driven

economy”, we currently observe a new industrial

revolution driven by digital data, computation and

automation.

1

Human activities, industrial processes,

and research all engender the collection and

processing of data in unprecedented proportions,

triggering new products and services as well as new

business processes and scientic methodologies.2

2

The resulting datasets, or “big data”, are prone

to security risks and incidents. In recent times,

instruments have emerged to prevent or adequately

respond to such risks, thereby imposing obligations

on different actors in the data value cycle.

1 Communication from the Commission to the European

Parliament, the Council, the European Economic and Social

Committee and the Committee of the Regions, “Towards a

thriving data-driven economy”, 2 July 2014, COM(2014) 442

nal.

2 Ibid.

3 Such obligations not only derive from the General

Data Protection Regulation (the GDPR), but also from

other legislative instruments at both the European

Union (EU) and national level. The advent of the

(minimal harmonisation) Network Information

Security Directive (the NIS Directive, also known

as the Cyber-security Directive) has multiplied the

requirements relating to security and cyber-security.

I. Requirements under the General

Data Protection Regulation

4

For most big data analytics, it cannot be excluded

that a processing of personal data will take place.

In such case, the requirements relating to security

under the GDPR will apply.

5

The obligations under the GDPR in relation to

security are closely linked to those under the NIS

Directive examined below, and are in line with best

practices applicable to information society systems

that require adequate protection of assets.

Keywords: Big data; security; breach notification; legal obligations