Fines of up to R$10 million: new cybersecurity law is already in force and this is what changes

The Portuguese business sphere has just undergone a profound change in the way it deals with threats from the digital space, and failure to comply with these rules can generate fines of up to 10 million euros. The new cybersecurity law is already in force nationwide and brings with it a set of structural obligations that will affect the daily routine of several organizations.

The legal response to this technological vulnerability comes into operation from April 3rd and transposes European system protection guidelines into the country’s legal system. Detailed information about the operational requirements of this regime is provided by the newspaper.

The central objective of this legislative package is to generalize the prevention of computer risks in the face of the notable increase in the number and sophistication of computer attacks. The same source indicates that the application of containment measures will always be proportional to the corporate size and strategic importance that each entity assumes in the market.

Expansion to essential sectors

The scope of these standards abandons the restricted concept of critical infrastructure and focuses attention on the social impact that a failure has on the community. The supervisory scope now encompasses medium and large entities that operate in fundamental areas such as energy, health, banking and transport.

The state apparatus is not exempt from this bureaucratic modernization and most public administration bodies now have to strictly comply with these defensive metrics. The aforementioned source explains that only departments associated with defense, national security and intelligence keep their oversight regulations closed.

The internal restructuring of networks

Organizations classified in the document are legally required to actively structure the protection of their equipment and communication channels. The government decree requires continuous monitoring of intrusion risks and the methodical production of reports that document the virtual barriers installed.

Compliance with the new metrics requires companies to appoint an internal manager with the exclusive responsibility for computer network stability. The identity of this technical element will have to be communicated as a matter of urgency to the central authority that oversees cyberspace in Portugal.

The obligations of administrators

The directive layer assumes maximum responsibility in the organic architecture imposed by authorities to prevent the loss of confidential data. The top of the corporate hierarchy will have to formally approve all repair interventions and supervise their correct execution by technology teams.

Business management is responsible for promoting and funding periodic training sessions to educate its employees about the main traps hidden on the internet. The preparation of an annual report on detected anomalies and the rapid reporting of attempts to hijack data have become routines that cannot be postponed.

Heavy financial sanctions

Refusal to cooperate or the obvious lack of logical defenses results in the opening of administrative offense proceedings that threaten the financial survival of companies. Financial sanctions applied by supervisory entities can reach a maximum value of 10 million euros or the equivalent of 2 percent of the turnover generated by the offending corporation in the previous year.

The final calculation of the funds to be paid to the State will weigh the seriousness of the illicit act and the possible benefit obtained by the offender during the period of non-compliance. Expresso further explains that responsibility moves from the legal aspect to the personal dimension, and administrators may face direct consequences due to their failure to monitor.
