We help with one central area of NIS2
In short, NIS2 is an EU directive that concerns European companies’ cyber security. Of course, preparing to comply with NIS2 requires giving attention to all aspects of cyber security, for example your IT systems, networks, suppliers and data processing. At Safe Online, we develop software to help companies make sure they process sensitive data properly. In fact, we are specialists in this particular area of the directive, one that is essential to NIS2 compliance.
This post is for those of you who are looking for help to comply with NIS2, specifically when it comes to processing personal data securely. On the other hand, if you are looking for more guidance and a comprehensive approach to complying with NIS2, we recommend you contact the consulting company BDO Danmark.
What NIS2 says about sensitive data
The Danish organisation Danish Standard recommends using ISO27001 to comply with NIS2. ISO27001 sets guidelines for a company’s cyber and information security, which is exactly what the NIS2 directive requires. However, use of ISO27001 is not mandatory. Above all, you must handle information security in a structured manner.
Here are ISO27001’s guidelines for handling your company’s sensitive data:
- You must identify your sensitive data
- You must have access to real-time analysis of your sensitive data
- You must protect your sensitive data by moving it to secure locations or deleting it
- You must prepare your sensitive data in case of a data audit
Get help for NIS2 with DataMapper
Safe Online’s tools were developed to support the safe processing of sensitive data, including personal data. One of these tools is DataMapper. DataMapper is a data discovery tool that scans your company’s data systems to find files, emails and images that contain sensitive content.
DataMapper helps with NIS2 standards for sensitive data handling by:
1. Identification
Using artificial intelligence and machine learning algorithms, DataMapper quickly finds sensitive content in files, emails and images, saving loads of time compared to manual searches.
2. Analysis
DataMapper gives you access to real-time analyses with the most important statistics to provide you with a complete and detailed overview of all your important documents.
3. Management
After a scan, all sensitive documents are presented in a list. You can then delete, approve or move documents to protected locations. Handle files one by one, or in bulk.
4. Preparation
Finally, DataMapper comes with a Power BI tool with advanced reports on how you handle sensitive data. These reports can be used as documentation for a data audit.
Start your GDPR cleanup where it is needed the most
Sensitive data tends to accumulate in employees' e-mails. With a GDPR Risk Scan from DataMapper, you get a report that shows any potential GDPR risks in the company's e-mails.
Use DataMapper to do a GAP analysis
A central part of NIS2 compliance is preparing a risk assessment of one’s cyber security. DataMapper can help make a GAP analysis of your sensitive data. A GAP analysis is about identifying the areas that need to be improved, then setting an end goal, and taking steps to reach it.
In this situation, the end goal is to follow the NIS2 rules for processing sensitive personal data we’ve just listed. A DataMapper scan will give you the statistics you need to evaluate how you handle sensitive personal data in real time. It will also give you a clear picture of the data you have to take care of under NIS2.
For example, perhaps you have stated in your privacy policy that you only store sensitive data for 6 months. With DataMapper you can scan your files, emails and images and find out exactly how old the ones containing sensitive information really are.
Prepare your sensitive data for NIS2
You cannot become NIS2-compliant if you do not have a handle on the personal data you store. If you are looking for an easy way to care for sensitive information in a manner that is compliant with the NIS2 directive, take a closer look at our Data Discovery tool, DataMapper. DataMapper can help you get control of your sensitive data and handle it in a structured way. Additionally, it can help you prepare for GAP analysis. Thus, DataMapper reduces your security risk and creates the foundation to live up to NIS2.
Sebastian Allerelli
Founder & COO at Safe Online
Governance, Risk & Compliance Specialist