Cybersecurity and the Law: What You Need to Know to Fight Cybercrime
Cybersecurity is an issue which goes beyond legal regulation and its proper implementation and use depends on a series of technical, procedural, organizational and legal measures.
Critical infrastructure, network and information systems and services, such as e-banking and e-commerce, play a significant role in modern society and are increasingly gaining momentum as the world becomes more and more digitalized. The damages resulting from cyber-attacks and cybercrime cannot be avoided and must be addressed promptly and efficiently. Any entity can become the victim of a cybersecurity incident, such as the stealing of data information, or a ransomware attack. Cyber-attacks may cause financial loss, information loss which can jeopardize business operations, make damage to reputation, company standing and consumer trust.
On the other side, combating cybercrime is becoming a growingly important duty of legal science and legislation, in terms of prevention, detection and repression.
The most relevant Serbian laws and regulations governing cyber security are The Law on Information Security (“RS Official Gazette”, Nos. 6/2016, 94/2017 and 77/2019”) (hereinafter: the “Law”), which was further aligned with the Directive on Security Network and Information Systems (Directive (EU) 2016/1148) and The Law on Protection of Personal Data (RS Official Gazette, No. 87/2018) and is fully aligned with the General Data Protection Regulation (Regulation (EU) 2016/679).
Serbia has made progress by elaborating cyber strategy in detail and relevant laws were adopted, following the setting up a national center for prevention of security risks (National Center for the Prevention of Security Risks in ICT systems). Pursuant to the Law, tasks of the National CERT (Computer Emergency Response Team) are assigned to the Regulatory Agency for Electronic Communications and Postal Services (RATEL). In accordance with legal authorization, National CERT gathers and exchange relevant information regarding possible security risks of the information-communication systems (ICT systems). In addition, National CERT gathers relevant information regarding the incidents that put at risk security of the ICT systems. In such circumstances, National CERT notifies, alerts and advises responsible personnel that manage ICT systems in the Republic of Serbia, as well as the Public.
Our cybersecurity legal competence combines data protection, privacy, regulatory and litigation expertise to deliver an efficient legal advice and crisis response. For any further information feel free to contact us at office@vuliclaw.com