Accelerate your digital journey by adapating to rules and regulations

Lets talk a bit about Digital transformation, rules, regulations and compliance! Yepp you are right,  boring combination of something very interesting and something that is very much a necessity! But managed the right way this is a huge possibility for you to create a competitive advantage!

Here is a summary of what is going on looking at the rules and regulations that is affecting us all right now! And there are a lot of them, we are talking about DSA, GDPR, DMA and NIS2.. what are they all about??

We have made a breakdown of a few that are very important to know about! Lets have a look?

Content:

1.   Digital transformation and Compliance

2.  General Data Protection Regulation (GDPR)

3.  Digital Services Act (DSA)

4.  Digital Markets Act (DMA)

5.  Data Act

6. Network and Information Security Directive (NIS2)

7. European Digital Identity (eID Regulation)

Digital transformation and Compliance:

The digital transformation of businesses is a complex and ever-evolving process. As businesses increasingly rely on digital technologies to operate, they are also facing a growing number of regulations and compliance requirements.

New regulations like the Digital Services Act (DSA) and the Network and Information Security (NIS) and Directive 2 (NIS2) are just two examples of the way in which the digital landscape is being shaped by new rules and standards.

The General Data Protection Regulation (GDPR), is one example which went into effect in the European Union in 2018. It has had a profound impact on how businesses handle personal data. The GDPR is a comprehensive piece of legislation that grants individuals greater control over their personal data and imposes strict obligations on organizations that collect, process, and store personal data.

While the GDPR has been widely praised for its focus on privacy and security, it has also introduced a number of complexities for businesses that are undergoing digital transformation. These complexities arise from the GDPR's far-reaching scope, its emphasis on transparency and accountability, and its requirement for businesses to implement robust data protection measures.

These regulations in general have a significant impact on businesses, as they require them to adapt their practices to meet new requirements around data protection, cybersecurity, and consumer protection. For businesses that are already undergoing digital transformation, these regulations can provide an opportunity to align their practices with the evolving regulatory landscape.

However, for businesses that are not yet fully digitalized, these regulations can pose a significant challenge.

In order to effectively manage the challenges of compliance with new regulations, businesses need to develop a comprehensive digital transformation strategy. This strategy should identify the key areas of compliance that need to be addressed, and develop a plan to implement the necessary changes. Businesses should also consider investing in training and resources to help their employees understand and comply with the new regulations. By taking a proactive, maybe more of a aggressive approach to digital transformation and compliance, all businesses can ensure that they are well-positioned to succeed in the increasingly regulated and competitive digital world.

Below is a few highlights on new regulations that are relevant for businesses right now!

General Data Protection Regulation (GDPR):

First off, we all know it. GDPR. IT has been around for a while and  is the toughest privacy and security law in the world. Though it was drafted and passed by the European Union (EU), it imposes obligations onto organizations anywhere, so long as they target or collect data related to people in the EU.

The regulation was put into effect on May 25, 2018. The GDPR will levy harsh fines against those who violate its privacy and security standards, with penalties reaching into the tens of millions of euros.

Digital Services Act (DSA): 

This landmark regulation sets forth new rules for online platforms. Its primary objectives are to safeguard users from harmful content and ensure that online platforms conduct their activities in a transparent and accountable manner.

The EU Digital Services Act (“DSA”) will start applying from February 17, 2024 to a broad array of intermediary services offered in the EU, including online marketplaces, web-hosting services, cloud services, search engines, and social media platforms.

The digital services act mostly applies to services and platforms like:

• Very large online platforms (VLOPs): These are online platforms that have at least 45 million users in the EU. 
• Very large online search engines (VLOSEs): These are online search engines that have at least 15 million daily unique users in the EU. 
• Online platforms: These are online platforms that facilitate the sharing or dissemination of information or content by users.
• Hosting services: These are online services that host content uploaded by users, such as cloud storage services and websites.
• Intermediary services: These are online services that provide connections between users, such as internet service providers and email service providers. 

Digital Markets Act (DMA): 

DMA aims to introduce new rules for platforms that act as ‘gatekeepers’ in the digital sector and ensure that markets impacted by them remain fair and competitive.

The Digital Markets Act (DMA) is a regulation affecting organizations doing business in the European Union. As of November 2022, when it went into effect, it addresses antitrust concerns with large tech companies —gatekeepers— that control a lot of online activity and process massive amounts of consumer data.

To be designated as a gatekeeper, an online platform must meet the following criteria:

Economic position: The platform must have a significant market power in at least one of the following markets: online search, social networking, online intermediation services, operating system software, cloud services, video-sharing platforms, or audio-streaming services.

Significant impact on the internal market: The platform's activities must have a significant impact on the internal market. This means that the platform must be used by a large number of users and businesses in a significant number of EU Member States.

Intermediation position: The platform must be an intermediary between businesses and consumers. This means that the platform must connect businesses with consumers and enable businesses to sell goods or services to consumers.

Data Act: 

The Data act establishes fundamental principles governing how data can be used across various sectors, promoting data sharing.

While the scope of the GDPR is limited to personal data, the Data Act applies to both personal data and non-personal data, which means that its scope of application is clearly broader.

The Data Act applies to a wide range of businesses that collect, process, or use data from connected products, including:

Manufacturers of connected products: This includes companies that make smart devices, vehicles, industrial machinery, smart appliances, and other products that generate data through sensors or connection to a network.

Providers of related services: This includes companies that offer data management services, data analysis services, and data connectivity services for connected products.

Data holders: This includes companies that collect data from connected products, even if they are not the manufacturer of the product.

Data recipients: This includes companies that receive data from connected products, even if they are not the manufacturer or the original data holder.

Network and Information Security Directive (NIS2): 

NIS2 aims to strengthen the cybersecurity of critical infrastructure in the European Union by imposing stricter obligations on organizations that operate in these sectors. The Directive also includes provisions for cooperation between national authorities and for the exchange of information about cybersecurity threats and incidents.

The Network and Information Security directive applies to a wide range of businesses, including small and medium-sized enterprises (SMEs). However, the obligations that apply to SMEs are generally less stringent than those that apply to larger companies.

SMEs that are considered to be "essential entities" under NIS2 are subject to the most stringent obligations. These obligations include:

• Implementing a comprehensive cybersecurity program that is proportionate to their risk profile.
• Appointing a cybersecurity coordinator.
• Conducting regular cybersecurity risk assessments.
• Reporting cybersecurity incidents promptly to national authorities.
• Cooperating with national authorities in investigating cybersecurity incidents.

SMEs that are considered to be "important entities" under NIS2 are subject to a subset of the obligations that apply to essential entities. These obligations include:

• Implementing a risk-based approach to cybersecurity.
• Having a documented cybersecurity policy.
• Conducting regular cybersecurity training for employees.
• Implementing measures to protect their networks and systems from cybersecurity threats.
• Reporting cybersecurity incidents to national authorities if they have a significant impact.

European Digital Identity (eID Regulation): 

A new framework for a pan-European digital identity system, enabling citizens and businesses to access online services securely. For small businesses, The European Digital Identity regulation will impact small businesses in several ways.

Increased efficiency and convenience for customers

The eID Regulation will make it easier for customers to identify themselves online and offline. This will save customers time and effort, and it will also make it more convenient for them to do business with small businesses. For example, customers will be able to use their eIDs to:

• Sign up for online services
• Apply for loans or insurance
• Rent or buy property
• Conduct business with government agencies

Enhanced trust and security

The eID Regulation will also make it more secure for customers to share their personal information with businesses. This is because eIDs are issued by trusted government authorities, and they use advanced security technologies to protect personal data. For example, businesses that use eIDs will be able to:

• Verify the identity of customers securely
• Collect personal data without needing to create new databases
• Protect personal data from unauthorized access

Reduced costs for businesses

By using eIDs, businesses can reduce the costs associated with customer identification and fraud prevention. This is because eIDs eliminate the need for businesses to create and maintain their own identity verification systems. For example, businesses that use eIDs will be able to:

• Avoid the costs of developing and maintaining identity verification systems
• Reduce the risk of fraud by using a more secure method of customer identification

Increased access to new markets

The eID Regulation will also make it easier for small businesses to reach new customers across Europe. This is because eIDs will be mutually recognized across all EU Member States. For example, a small business in London will be able to use eIDs to verify the identity of customers in Paris or Berlin.

Overall, the European Digital Identity (eID Regulation) has the potential to provide significant benefits for small businesses. By increasing efficiency, convenience, trust, and security, eIDs can help small businesses to improve their operations, reduce costs, and expand their market reach.

Here are some specific examples:

A small online retailer can use eIDs to verify the identity of customers when they place orders.

• A small bank can use eIDs to verify the identity of customers when they apply for loans or open new accounts.
• A small travel agency can use eIDs to verify the identity of customers when they book flights or hotels.
• A small healthcare provider can use eIDs to verify the identity of patients when they make appointments or access their medical records.

As eIDs become more widely adopted, we can expect to see even more innovative ways for small businesses to use them to improve their operations and services.

Do you want to know more about how you and your company become compliant with new regulations, or maybe you are just interested in talking about these topics?

Then you should:

1. Follow us on social media. We post updates on LinkedIn, Instagram and Facebook when we have a new blog post. You can also get valuable tips and learn something new from other posts we share on social media, so you lose nothing by following us!

2. If you want additional knowledge about the subject, maybe even a little help on how to start, don't hesitate to contact us! 

3. Want to connect on LinkedIn? 🤝 You will find me here!

/ Martin Sjöström - CEO 👋