GDPR is well established by now, but is your organization ready for NIS2 or the AI Act? In a world that increasingly runs on IT systems, legislation does not lag behind. What should be on your radar? And as an HR expert, how do you make sure you’re keeping up and attracting the right profiles for your company? 

Companies that fail to comply risk hefty fines. Not to mention the damage that can be done to an organization’s reputation. However, you should not consider IT law merely as an obligation. As a company, you also have much to gain from the correct application of IT legislation. That’s why it’s best for you, as an HR expert, to remain informed about this.

By the way, many laws clearly state what you need to do to integrate good security practices or to work ethically with customer data, for example. Of course, you still need the right profiles to properly integrate IT legislation. These four tips will help HR and IT experts stay compliant.

1. Understand which IT laws are relevant to your organization

Not every law is applicable to every company. Some legislation is also initially limited to a select number of organizations, after which it is gradually rolled out on a larger scale. That’s why you need to stay abreast of the scope of new legislation. So as an HR expert, you should regularly consult with the IT profiles in your organization. Reading industry magazines or attending events can also help you understand the latest developments.

When you know what is coming, you can start on time and not run into trouble when the law takes effect. Here are a few laws that will be important to EU companies in the coming years:

• NIS2: with the successor of the current NIS directive, the EU wants to extend the focus on cybersecurity to a larger group of companies. Especially as our society digitalizes, good security measures have become a necessity for organizations in industries such as banking, energy and healthcare. On a Belgian level, the law should be in effect from October.
• AI Act: now that just about everyone is affected by AI technology, the EU has created a legislative framework to ensure the safe and ethical use of these tools. EU members states will probably begin to apply this law in the coming years.
• DORA: regulations applicable to financial institutions such as banks and insurers. The law wants to protect both customers and the global financial industry against cyber-attacks.

Other laws are in the pipeline, so consider what is important for your company. 

2. Provide clear procedures for employees

Clear procedures and policies are the foundation of compliance. IT must therefore ensure that employees know what to do and give them timely notice of changes. Information about IT policy should be well documented and easily accessible for the people in your organization. Of course, training is key to making everyone aware of expectations and possibly providing best practices.

3. Schedule regular internal audits

Being compliant with all relevant legislation today does not mean you will still be so tomorrow. Internal audits are a convenient solution to check at regular intervals whether you are still meeting all requirements in the law. It is also good preparation for an external audit. Naturally, such an internal auditor must be someone who is aware of all the rules.

4. Engage experts 

Compliance should not be limited to IT. If your organization has a legal team, it pays off to involve them in this process. Either way, you need experts who are familiar with the latest IT legislation and know how your organization should prepare for it. They increase the awareness of your employees and set up the right policy and procedures to be compliant and implement strong cybersecurity measures. 

At first glance, IT laws may seem like a deterrent to many organizations, but often they actually provide practical guidelines for navigating the complex IT landscape. Ultimately, this will lead to customers having more confidence in your organization and limit the impact of an attack. A win for everyone, except the hackers of course… 

Are you looking for a professional who can help with this? At CHRLY, we put a lot of focus on IT legislation. Be sure to check out our pool of IT talent.