Information Security in Principles and Provisions of the EU Data Protection Law

Information security practices are a staple compliance mechanism ensuring the lawful processing and protection of personal data in the new European legal framework of Data Protection. Both the General Data Protection Regulation and the Regulation 2018/1725 on the protection of natural persons regarding the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data contain recognizable principles of and provisions regarding information security methods and practices. The purpose of this paper is to analyse the new EU data protection framework from the perspective of regulation of information security requirements, especially from the perspective of the data controllers and processors and their obligations to ensure conditions for lawful and secure processing of personal data and comply with potential data subject requests.