The purpose of the Report is to present a mapping of already identified security objectives in the NISD as well as in the GDPR with ENISA good practice guides. It aims to advise operators of essential services as well as digital service providers in their process of identifying appropriate security measures based on the provisions of both legislative acts.
Recommendations 2/2025 on the legal basis for requiring the creation of user accounts on e-commerce websites
The EDPB clarifies that mandatory user accounts are only lawful under the GDPR when they are strictly necessary and respect […]