The EU GDPR legislation has been underway in one form or another since 1995. First proposed in 2012, then passed in 2016, with enforcement as of May 25th, 2018.
Regulation lays down rules relating to the protection of natural persons with regard to the processing of personal data and rules relating to the free movement of personal data.
This Regulation protects fundamental rights and freedoms of natural persons and in particular their right to the protection of personal data.
Much overlooked, the NIS Directive also went into effect on May 25th, 2018:
The directive significantly affects digital service providers (DSPs) and operators of essential services (OESs). Operators of essential services include any organizations whose operations would be greatly affected in the case of a security breach if they engage in critical societal or economic activities. Both DSPs and OES are now held accountable for reporting major security incidents to Computer Security Incident Response Teams (CSIRT). While DSPs are not held to as stringent regulations as operators of essential services, DSPs that are not set up in the EU but still operate in the EU still face regulations. Even if DSPs and OES outsource the maintenance of their information systems to third parties, the NIS Directive still holds them accountable for any security incidents.
Holst Security provides deep consulting on both matters by integrating heavily with the work required to deploy a full Information Security Management System.