The development of commercial and social relations is accompanied by technological progress and the widescale use of information systems and services.
The need to ensure cyber-security arises from the speed of development, the complexity of IT technologies and the extent to which IT solutions are relied upon. Disruptions to the proper functioning of IT systems can negatively affect a company’s financial, commercial and security interests.
The act implements into Polish law the EU’s Directive 2016/1148 of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union. This legislation imposes numerous obligations on a range of entities.
Fine of up to PLN 200,000, or even PLN 1m in certain cases, may be imposed on entities that commit particular infringements. Firms may even be fined after they no longer infringe their obligation or have already remedied the losses they caused.
Important!
Fines can also be imposed on the managers of key service operators, up to 200% of the manager’s monthly remuneration.
analysing the existing legal environment and any planned changes regarding cyber-security, including draft legislative proposals.
providing dedicated trainings regarding the obligations of key services operators and digital services suppliers, including compliance with personal data protection rules.