Legal requirements & Compliance

As a company, authority or organization, we are subject to a number of different requirements when it comes to handling data and information. Some legal requirements are mandatory and affect us all, while others affect only those who handle a certain type of data in specific areas. What they have in common, however, is that you are responsible for meeting the requirements imposed on you.

As a Synkzone customer, you ensure technical compliance with several requirements. Ensure you have the best possible protection for the handling of personal data (GDPR) and that you do not risk sharing any personal data with third countries (Schrems II).

Below you can read more about the details of the different regulations.

Legal reasons

NIS/NIS2

NIS and NIS2

The current NIS Directive imposes requirements on all businesses involved in essential services. However, the European Commission has now proposed to update the directive in what is known as NIS2 to better adapt to today’s security needs.

It is also envisaged that many more actors will be affected and that those who breach the directive will face severe penalties. NIS2 aims to increase common resilience to cyber threats in the EU and to better adapt to current and future security needs.

Some important changes

  • More companies, authorities and organizations are affected by NIS2.
  • There will be a greater responsibility to also ensure that your suppliers work safely.
  • There are proposals for penalties similar to those in the GDPR.
  • Training requirements for management.
  • Incident reporting of near misses.
  • Use of encryption.

Synkzone solutions provide you with both strong encryption and structured ways to organize your information in a secure way. With Synkzone, you are well prepared for the technical requirements of information management within NIS2.

Schrems II and the Privacy Shield

On July 16, 2020, the Court of Justice of the European Union ruled in the so-called Schrems II case. The Court ruled that the EU-US Privacy Shield Agreement did not provide adequate protection for personal data when transferred to the US.

It is up to the person wishing to transfer personal data to the United States or other third countries to assess whether they consider that adequate safeguards have been put in place to ensure compliance with the requirements of the GDPR.

Using Synkzone ensures that no information/data is at risk of being transferred to the US or any other third country.

General Data Protection Regulation (GDPR)

The GDPR is designed to protect fundamental rights and freedoms, in particular the right of individuals to the protection of their personal data. The GDPR applies throughout the EU and aims, among other things, to create a uniform and equivalent level of protection of personal data, so that the free flow of personal data within the EU and EEA is not hindered.

Article 32 of the Regulation deals with “Security of data processing”. The controller and processor shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.

Synkzone protects your data. Synkzone is built on “security by design” and all data stored and shared in Synkzone is encrypted at all times with keys that your organization and no one else has access to. This way, your organization can rest assured that you have ensured a high level of security and minimized or eliminated the risk of unauthorized disclosure of or unauthorized access to personal data. At the same time, you get a good overview of and control over who in the organization has access to personal data.

By using Synkzone, you as an organization ensure that you have taken measures to comply with and protect data in accordance with Recital 78 of the GDPR. You have full central control of the data (you and no one else), you have full protection of the data, you ensure and can demonstrate confidentiality and integrity through access and permissions, and you have very strong protection when sharing data both externally and internally (end-to-end encrypted).

Synkzone is delivered from Swedish ISO 27000-certified data centers, so you can be sure that you also live up to point 1.f in Article 5 of the GDPR:

Personal data shall be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures (integrity and confidentiality).

We are confident in our delivery and are happy to sign Data Processing Agreements with our customers.

Cloud Act

The Cloud Act is a US law that gives US law enforcement the right to request information/data from all US technology companies after a court order. This is regardless of whether the data itself is stored on servers located in the United States or whether it is physically located on international soil. The legislation is far-reaching and a US company cannot contract away or exempt itself from this.

Synkzone is a Swedish-owned company and is subject to Swedish and European laws. Our services are delivered with Swedish technology on Swedish soil. If you use Synkzone, you never risk any data being disclosed to either the US or any other foreign power.

FISA 702

FISA 702 is a law that applies to US companies. This law authorizes the Attorney General of the United States, in conjunction with the Director of National Intelligence, to authorize the collection of information (1) on non-U.S. persons (2) who are not likely to be in the United States, (3) in order to collect intelligence information on other countries.

In other words, everything that has to do with Sweden and Swedish citizens is covered by FISA 702. This means that the NSA can, without a court order, collect intelligence information about other countries via a communications provider without disclosing that collection is taking place. Collected information can then be stored indefinitely. The communications provider must assist the NSA.

Synkzone is a Swedish-owned company and is subject to Swedish and European laws. Our services are delivered with Swedish technology on Swedish soil. If you use Synkzone, you never risk any data being disclosed to either the US or any other foreign power.

Security Protection Act (2018:585)

Security protection is about protecting the information and activities that are important for Sweden’s security against espionage, sabotage, terrorist crimes and certain other threats. From April 1, 2019, a new Security Protection Act applies that covers more activities than before.

If certain authorities and companies in Sweden are exposed to an attack, it could have serious consequences for national security. Examples include activities in the fields of national defense, the judiciary, energy or water supply, telecommunications or the transport sector.

In the course of their work, these activities may need to handle information that is of importance to Sweden’s security. If this information is disclosed, destroyed or changed, it may affect Sweden’s security. Some activities may also need special protection against terrorism. If they are attacked, the consequences for Sweden would be very serious. These activities need special protection, security protection.

Security protection is regulated in the Security Protection Act and the Security Protection Ordinance.

Fully Swedish storage, Zero Knowledge, really good encryption in the cloud, on your hard disk and in transit. Superior simplicity.

John Daniels, Head of AFRY National Security