Abstract
Cybersecurity is a much-debated topic in both technical and legal scholarship. With contemporary business models hinging on highly performant information systems, there is increased awareness among entrepreneurs that security incidents often have devastating consequences on undertakings’ revenue streams, intellectual property, and brand reputation. As a result, there is an increased focus on the obligation to implement cybersecurity measures. In the context of the GDPR, cybersecurity obligations seem to converge on the requirement to deploy ‘appropriate technical and organisational measures’ in order to ensure a level of security commensurate with the risks posed to an organisation. Yet, given the complex and rapidly evolving nature of the subject matter, the precise meaning and scope of these obligations remain unclear. This contribution offers guidance on how to assess the concept of ‘appropriate technical and organisational measures’ by considering it through the lens of cybersecurity maturity models. Accordingly, this article provides anchorage to scholarly audiences when scrutinizing the extent to which privacy and security measures qualify as ‘appropriate’ in the context of liability claims and actions for damages, thereby creating an opportunity to move from technical insight to legal compliance.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
