Compliance Deadlines: GDPR, NIS Directive & Future Cybersecurity Regulations

Time’s up! Cybersecurity compliance is no longer optional for global businesses as IT standards and regulations increase at both state and industry levels, worldwide.

May 2018 is a big month in cybersecurity, with both the NIS Directive and the EU’s GDPR going into effect and rolling out significant consequences for organizations that do not comply. Are you prepared?

IT Regulation Compliance

As cyberthreat grows worldwide, more and more security regulations are being put into action to protect businesses, infrastructure, and consumers from a cybersecurity breach. Complying with these regulations and meeting industry standards is becoming a full-time occupation for IT teams, or else their companies face steep fines – or even steeper consequences when hackers gain access to poorly-guarded servers.

NIS Directive

In effect as of the 9th of May, 2018, the NIS Directive was published by the EU to strengthen cybersecurity practices across “essential services” providers such as utilities and transport. This “Network Information Security” regulation aims to enforce a minimum level of IT security in those services which are critical to public, economic and political stability. It targets OES (operators of essential services) as well as the digital or cloud service providers they work with for comprehensive application of security measures.

Among its standards, the NIS Directive requires:

  • Security solutions in place for network systems and data
  • Incident response planning, including continuation of services
  • The monitoring, audit, and control of security practices in effect
  • The respect of international laws and standards

Compliance with the NIS Directive requires clear communication at the international, European, and national levels, on top of the implementation of sufficient cybersecurity solutions. And CNI organizations that are caught not complying with regulations? They face fines of up to $24 million.


The hot topic of the last year in Europe and across the world, the EU General Data Protection Regulation – GDPR – comes into full force the 25th of May, 2018. This behemoth of a security regulation applies to every business in any country which might handle the personal data of EU citizens. Regardless of industry, these organizations are held accountable for a minimum standard of security and practices for handling, storing, and processing private data.

The major requirements of GDPR on international businesses include:

  • Privacy by design, with protection personal data built into business processes
  • Opt-in consent
  • Appointment of a Data Protection Officer
  • Obligation to notify of a data breach
  • Right to erasure

And the list certainly doesn’t end there. The demands of GDPR are rigorous, but the consequences of non-compliance are equally intimidating: penalties for violations can reach 20 million euros, or up to 4% of revenue, whichever is greater. Businesses can’t afford not to fall in line with regulations.

Future Cybersecurity Regulations

What’s coming down the pipe for future regulatory constraints? With the ever-increasing global cyber threat, governments and industry regulators are developing more and more guidelines and standards for business cybersecurity. Thankfully, many compliance requirements overlap with each other, allowing you to check off many items at once with your cybersecurity policies.

In the end, you need an IT security solution which scales and evolves with your organization, adapting to changes in infrastructure and compliance requirements to keep your data, servers, systems, and customers protected from a breach.

Achieve Compliance with the new Bastion 6.0

PAM makes compliance simple by streamlining your IT security and responding to an array of critical regulatory requirements in one fell swoop. The Bastion takes privileged access management to a whole new level, helping you ensure robust security with new features and capabilities.

Most IT security regulations – including both GDPR and the NIS Directive – include provisions for the control of access to sensitive resources, including oversight of who has login credentials and monitoring of what actions privileged users take in the systems on which they’re authorized. Privileged Access Management (PAM) solutions like the WALLIX Bastion 6.0 provide comprehensive, all-in-one platforms to manage, monitor, and respond to privileged access needs quickly and simply, while delivering robust system security.

Complying with the latest cybersecurity regulations can be a significant undertaking, requiring considerable overhauling of processes and integrating software. PAM makes cybersecurity simple.