Riscreen Compliance Newsletter – Issue week 21/2025

In this issue, we would like to inform you about current developments in the areas of data protection, owner control and cyber security.
The focus is on the BfDI’s new position paper on neurotechnologies, BaFin’s consultation on the reform of the owner control procedure and two security-related notifications from the BSI on threats to energy infrastructure and targeted cyberattacks. These topics illustrate the increasing relevance of interdisciplinary cooperation in compliance, IT security and governance.

Summary:
The Federal Commissioner for Data Protection and Freedom of Information (BfDI) has published a position paper on the regulation of neurotechnologies. The focus is on the protection of mental self-determination in the processing of brain data. In view of the increasing development of brain-computer interfaces, the BfDI is in favor of specific legal regulations and a preventive data protection framework.

Opinion:
Companies working in innovative medical technology or AI applications should take the position paper as an opportunity to review their existing data processing operations at an early stage. Integrating data protection impact assessments and ethical evaluation procedures into development processes helps them prepare for future regulatory requirements.

Source

BaFin launches consultation on the further development of the owner control procedure

Summary:
BaFin has presented a consultation paper on the planned revision of the owner control procedure. The aim is a more precise and efficient assessment of the actual opportunities shareholders have to exert influence, as well as a more clearly structured procedure. The changes are to affect both new shareholdings and existing structures.

Opinion:
Institutions should actively accompany the consultation process and analyze possible effects on their shareholding structure at an early stage. An internal evaluation of the control mechanisms and, if necessary, an adjustment of the documentation are advisable in order to be able to effectively meet regulatory requirements in the future.

Source

Cybersecurity in the energy supply: BSI sees structural need for action

Summary:
In a recent communication, the BSI has pointed out existing weaknesses in the cyber security of energy supply companies. Among other things, insufficient network segmentation, delayed updates and non-standardized emergency mechanisms are criticized. The authority recommends a structured review and further development of existing security concepts.

Opinion:
Operators of critical infrastructures, but also their service providers, should compare their existing security processes with the BSI’s recommendations. A regular evaluation of their own cyber resilience – for example through penetration tests and optimized emergency plans – contributes significantly to compliance with regulatory requirements and to securing operational processes.

Source

BSI security notice on the activities of GRU unit 26165 (APT28)

Summary:
The BSI warns of targeted cyberattacks by the Russian unit 26165, also known as APT28. The attacks are carried out via known vulnerabilities in widely used software (e.g. Outlook, Exchange). The security advisory contains specific recommendations for technical protection, particularly with regard to vulnerability management and authentication.

Opinion:
Organizations that use Microsoft-based systems should take the security advisory as an opportunity to systematically review their patch and vulnerability management. The prompt implementation of recommended security measures and the traceability of access rights and logging strengthen resilience against targeted attacks.

Source

Receive the most important compliance reports every week, free of charge

Many compliance officers already use our free service and receive the most important news from the areas of compliance, money laundering prevention, data protection and IT security. We provide a weekly overview of the most important reports and categorize them.
Subscribe now free of charge.

Would you like to be up to date every day?
Our legal rights monitoring software gives you access to all notifications and allows you to filter them by relevance, type and area. You can create and download summaries. Get in touch with us.

We wish you a successful week.
Your Riscreen team
