EU Security Breach Legislation
Impact on Enterprise Risk Management
jos.dumortier@timelex.eu
Forbes, October 3, 2013
EU 2009
• new provisions inserted in the EU
electronic communications privacy
(ePrivacy) directive (art. 4)
• introduction of first EU security breach
notification duty
• limited scope: providers of public
electronic communications networks and
services
• Belgium 2012: transposition in art. 114/1
and 114/2 of the e-communications act
Summary
• notification of specific risk of network
security breach
• to the NRA (Belgium: BIPT)
• to subscribers
• notification of actual security breach with
important impact
• to the NRA (Belgium: BIPT)
• NRA can notify further to EU
• notification of security breach regarding
personal data
• to the NRA (Belgium: BIPT)
• to subscribers and/or users
Details
• timeframe?
• which information to communicate?
• via which channel?
• when should individuals be notified?
• role of encryption
• ...
Recent example:
EU Proposals to extend the notification duty
1. Draft general data protection regulation (January 2012)
2. Draft e-identification and trust services regulation (June 2012)
3. Draft network and information security (NIS) directive (February 2013)
Draft NIS Directive
a) Obligations for Member States
b) Cooperation mechanism
c) Requirements for market operators and public administrations
Note: minimum harmonisation (minimum common capacity building)!
NIS: Duties for public administrations and market
operators
• Obligation to take appropriate technical and organisational measures to manage the risks
• Obligation to notify the national competent authority of incidents having a significant impact on
the security of core services
• National competent authority may inform the public where it determines that it is in the public
interest
• EC will be empowered to adopt delegated acts (art. 18)
“Market operators”: Annex II of the Draft NIS
Directive
• Providers of “information society services” (operating in the EU)
• e-commerce platforms
• internet payment gateways
• social networks
• search engines
• cloud computing services
• application stores
• Operators of “critical information infrastructures” (CIIP operators)
• Energy
• Transport
• Banking
• Financial market infrastructures (stock exchange, clearinghouses)
• Health sector
EU Proposals to extend the notification duty
1. Draft general data protection regulation (January 2012)
2. Draft e-identification and trust services regulation (June 2012)
3. Draft network and information security (NIS) directive (February 2013)
Draft EU e-Identification and Trusted Services
Regulation
1. e-Identification
2. Trust Services
“e-Identification”: mutual recognition
• idea:
• if an online (government) service in a Member State requires access
authentication by means of an e-ID,
• then this service should be accessible for e-ID’s notified
by other Member States
“Trust Services”
• stricter rules for “trust service providers” (e.g. annual security audit)
• “trust services”: services related to e-signatures, timestamps, e-documents, e-
delivery, website authentication, digital certificates
• introduction of security breach notification (to supervisory bodies and data
protection commissioners)
• “qualified” trust services: presumption of legal validity
EU Proposals to extend the notification duty
1. Draft general data protection regulation (January 2012)
2. Draft e-identification and trust services regulation (June 2012)
3. Draft network and information security (NIS) directive (February 2013)
On 25 January 2012 the European Commission officially released
a proposal for a comprehensive reform of the 1995 data protection
rules on personal data processing.
1. One single European law
If adopted, the proposed Regulation will apply directly across the EU.
As a consequence, companies established in more than one EU country
will no longer have to cope with the divergent rules of the individual
EU Member States.
2. Every company supervised by one
data protection commissioner
Personal data processing by companies established in more than
one EU country will be monitored by one single supervisory
authority.
In principle this will be the data protection commission of the
country where the company has its main establishment.
3. Also applicable to companies outside the
EU
Theoretically, the proposed Regulation claims to apply to the
processing of personal data of data subjects residing in the EU
by a controller not established in the EU,
… where the processing activities are related to the offering of
goods or services to such data subjects, or to the monitoring of
the behaviour of such data subjects.
4. Basic rules remain but would be
better implemented
The supervisory authorities will be empowered to fine
companies that violate EU data protection rules.
This can lead to penalties of up to €1 million or up to 2% of the
global annual turnover of a company.
Moreover responsibility and liability of the controller for any
processing of personal data is more clearly established.
5. Abolition of the general obligation to notify
The general notification obligation would be abolished, and
replaced by procedures and mechanisms which focus instead on
those processing operations which are likely to present specific
risks.
6. Data protection officers
The controller and the processor would in the future be required
to designate a data protection officer in any case where:
(a) the processing is carried out by a public authority or body; or
(b) the processing is carried out by an enterprise employing 250
persons or more; or
(c) the core activities of the controller or the processor consist of
processing operations which, by virtue of their nature, their scope
and/or their purposes, require regular and systematic monitoring of
data subjects.
7. Consent: always explicit
Tacit consent will no longer be sufficient as a legal ground for
personal data processing.
Moreover, consent can no longer be buried in terms and
conditions but must be presented in a manner clearly
distinguishable from such other matters.
8. Right to be forgotten?
The right to erasure would be extended in such a way that a
controller who has made the personal data public would be
obliged to inform third parties which are processing such data
that a data subject requests them to erase any links to, or
copies or replications of that personal data.
9. “Data portability”
The data subject would be allowed to transmit those data, which
they have provided, from one automated application, such as a
social network, into another one.
This should apply where the data subject provided the data to the
automated processing system, based on their consent or in the
performance of a contract.
10. Security breach notification
As soon as a controller becomes aware that a personal data breach
has occurred, he would be obliged to notify this breach to the
supervisory authority without undue delay and, where feasible,
within 24 hours.
The individuals whose personal data could be adversely affected
by the breach would also have to be notified without undue delay
in order to allow them to take the necessary precautions.
Conclusions
• current scope still limited (telecom providers, ISPs, etc.)
• extension to other sectors under discussion
• lack of co-ordination between proposed rules is criticized
• many questions remain about practical implementation
Jos Dumortier
time.lex - Information & Technology Law
Congresstraat 35
B-1000 Brussel
(t) +32 (0)2 229 19 47
www.timelex.eu / jos.dumortier@timelex.eu
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 

20131009 aon security breach legislation

Slide 1: EU Security Breach Legislation
Impact on Enterprise Risk Management
jos.dumortier@timelex.eu
Slide 4: EU 2009
• new provisions inserted in the EU electronic communications privacy (ePrivacy) directive (art. 4)
• introduction of first EU security breach notification duty
• limited scope: providers of public electronic communications networks and services
• Belgium 2012: transposition in art. 114/1 and 114/2 of the e-communications act

Slide 5: Summary
• notification of specific risk of network security breach
  • to the NRA (Belgium: BIPT)
  • to subscribers
• notification of actual security breach with important impact
  • to the NRA (Belgium: BIPT)
  • NRA can notify further to EU
• notification of security breach regarding personal data
  • to the NRA (Belgium: BIPT)
  • to subscribers and/or users
Slide 7: Details
• timeframe?
• which information to communicate?
• via which channel?
• when should individuals be notified?
• role of encryption
• ...

Slide 9: EU Proposals to extend the notification duty
1. Draft general data protection regulation (January 2012)
2. Draft e-identification and trust services regulation (June 2012)
3. Draft network and information security (NIS) directive (February 2013)

Slide 10: Draft NIS Directive
a) Obligations for Member States
b) Cooperation mechanism
c) Requirements for market operators and public administrations
Note: minimum harmonisation (minimum common capacity building)!

Slide 11: NIS: Duties for public administrations and market operators
• Obligation to take appropriate technical and organisational measures to manage the risks
• Obligation to notify the national competent authority of incidents having a significant impact on the security of core services
• National competent authority may inform the public where it determines that this is in the public interest
• EC will be empowered to adopt delegated acts (art. 18)

Slide 12: “Market operators”: Annex II of the Draft NIS Directive
• Providers of “information society services” (operating in the EU)
  • e-commerce platforms
  • internet payment gateways
  • social networks
  • search engines
  • cloud computing services
  • application stores
• Operators of “critical information infrastructures” (CIIP operators)
  • Energy
  • Transport
  • Banking
  • Financial market infrastructures (stock exchange, clearinghouses)
  • Health sector

Slide 13: EU Proposals to extend the notification duty
1. Draft general data protection regulation (January 2012)
2. Draft e-identification and trust services regulation (June 2012)
3. Draft network and information security (NIS) directive (February 2013)

Slide 14: Draft EU e-Identification and Trusted Services Regulation
1. e-Identification
2. Trust Services

Slide 15: “e-Identification”: mutual recognition
• idea:
  • if an online (government) service in a Member State requires access authentication by means of an e-ID,
  • then this service should be accessible with e-IDs notified by other Member States

Slide 16: “Trust Services”
• stricter rules for “trust service providers” (e.g. annual security audit)
• “trust services”: services related to e-signatures, timestamps, e-documents, e-delivery, website authentication, digital certificates
• introduction of security breach notification (to supervisory bodies and data protection commissioners)
• “qualified” trust services: presumption of legal validity

Slide 17: EU Proposals to extend the notification duty
1. Draft general data protection regulation (January 2012)
2. Draft e-identification and trust services regulation (June 2012)
3. Draft network and information security (NIS) directive (February 2013)
Slide 18: On 25 January 2012 the European Commission officially released a proposal for a comprehensive reform of the 1995 data protection rules on personal data processing.

Slide 19: 1. One single European law
If adopted, the proposed Regulation will be valid across the EU. As a consequence, companies established in more than one EU country will no longer have to cope with the divergent rules of the EU Member States.

Slide 20: 2. Every company supervised by one data protection commissioner
Personal data processing by companies established in more than one EU country will be monitored by one single supervisory authority. In principle this will be the data protection commission of the country where the company has its main establishment.

Slide 21: 3. Also applicable to companies outside the EU
Theoretically the proposed Regulation claims to be applicable to the processing of personal data of data subjects residing in the EU by a controller not established in the EU, … where the processing activities are related to the offering of goods or services to such data subjects, or to the monitoring of the behaviour of such data subjects.

Slide 22: 4. Basic rules remain but would be better implemented
The supervisory authorities will be empowered to fine companies that violate EU data protection rules. This can lead to penalties of up to €1 million or up to 2% of the global annual turnover of a company. Moreover, the responsibility and liability of the controller for any processing of personal data is more clearly established.

Slide 23: 5. Abolition of the general obligation to notify
The general notification obligation would be abolished and replaced by procedures and mechanisms which focus instead on those processing operations which are likely to present specific risks.

Slide 24: 6. Data protection officers
The controller and the processor would in the future be required to designate a data protection officer in any case where:
(a) the processing is carried out by a public authority or body; or
(b) the processing is carried out by an enterprise employing 250 persons or more; or
(c) the core activities of the controller or the processor consist of processing operations which, by virtue of their nature, their scope and/or their purposes, require regular and systematic monitoring of data subjects.

Slide 25: 7. Consent: always explicit
Tacit consent will no longer be sufficient as a legal ground for personal data processing. Moreover, consent can no longer be integrated into terms and conditions but must be presented in a way that is clearly distinguishable in its appearance from the other matter.

Slide 26: 8. Right to be forgotten?
The right to erasure would be extended in such a way that a controller who has made the personal data public would be obliged to inform third parties which are processing such data that a data subject requests them to erase any links to, or copies or replications of, that personal data.

Slide 27: 9. “Data portability”
The data subject would be allowed to transmit the data which they have provided from one automated application, such as a social network, into another one. This should apply where the data subject provided the data to the automated processing system, based on their consent or in the performance of a contract.

Slide 28: 10. Security breach notification
As soon as a controller becomes aware that a personal data breach has occurred, it would be obliged to notify this breach to the supervisory authority without undue delay and, where feasible, within 24 hours. The individuals whose personal data could be adversely affected by the breach would also have to be notified without undue delay in order to allow them to take the necessary precautions.

Slide 29: Conclusions
• current scope still limited (telecom providers, ISPs, etc.)
• extension to other sectors under discussion
• lack of co-ordination between proposed rules is criticized
• many questions remain about practical implementation

Slide 30: Jos Dumortier
time.lex - Information & Technology Law
Congresstraat 35
B-1000 Brussel
(t) +32 (0)2 229 19 47
www.timelex.eu / jos.dumortier@timelex.eu