The Labour government has announced plans to introduce new laws focusing on cyber security, data sharing, and skills. There is a significant emphasis on security and data protection. At Central Technology, we are closely monitoring these legislative changes and their potential impact on data privacy and the security legal landscape.
New Changes in Cyber Security and Data Protection Laws for 2024
Our Professional Services Consultant, Craig Denham, lists four of the impending legislative changes and their possible effects on businesses:
- Cyber Security & Resilience Bill – Its purpose is to strengthen the UK’s cyber defences and to ensure that critical infrastructure and the digital services that companies rely on are secure.
- Digital Information & Smart Data Bill – This aims to utilise data to drive economic growth, improve data sharing across public services, promote research work, and empower the Information Commissioner’s Office (ICO) in its enforcement of data laws.
- NIS2 Directive – This is set to be enacted in EU states by October 17th, 2024, and will require organisations trading within the EU to comply with new cyber security standards. The UK government plans to adopt some elements into the existing NIS directive.
- Digital Operational Resilience Act (DORA) – This EU regulation, which passed last year, will become effective on January 17th, 2025. It focuses on ensuring the operational resilience of digital services.
Craig commented: “While the full scope of the Cyber Security and Resilience Bill is yet to be announced, it is expected to significantly increase required cyber security standards, secure supply chains and compliance requirements for UK organisations. Until a draft of the legislation is released, much of this remains speculative. Another bill to watch is the ‘Digital Information and Smart Data Bill’, which will apply information standards to IT suppliers in the health and social care system.
From what we have seen so far, these changes will likely align closely with many aspects of the NIS2 directive being introduced by the EU.
Other high-priority areas will likely include enhancing existing security protocols and providing ongoing security awareness training for employees. We anticipate that vulnerability scanning will become mandatory for critical infrastructure sectors, and a comprehensive security review will likely be required for all businesses. Additionally, companies will need to scrutinise their supply chains for vulnerabilities, effectively requiring their partners to also meet minimum security standards.”
We will continue to keep you updated on legislative developments and their implications for businesses. We are always here to support any organisation wanting to improve their security landscape. Our Cyber Security Review helps identify and mitigate cyber risks whilst safeguarding assets and data.
Review your security and be one step ahead.