{"id":2801,"date":"2025-08-03T20:46:58","date_gmt":"2025-08-03T20:46:58","guid":{"rendered":"https:\/\/dadir.be\/beyond-checklists-what-you-really-need-to-know-about-nis2-and-gdpr-in-2025\/"},"modified":"2025-08-06T05:19:07","modified_gmt":"2025-08-06T05:19:07","slug":"beyond-checklists-what-you-really-need-to-know-about-nis2-and-gdpr-in-2025","status":"publish","type":"post","link":"https:\/\/dadir.be\/en\/beyond-checklists-what-you-really-need-to-know-about-nis2-and-gdpr-in-2025\/","title":{"rendered":"Beyond checklists: What you really need to know about NIS2 and GDPR in 2025"},"content":{"rendered":"<p><span data-contrast=\"auto\">As we move deeper into 2025, companies operating in the European Union are facing more than just compliance deadlines; they\u2019re navigating a fundamental shift in how cybersecurity and data protection are governed. Two key frameworks are leading this evolution:<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"16\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;multilevel&quot;}\" data-aria-posinset=\"1\" data-aria-level=\"1\"><b><span data-contrast=\"auto\">NIS2 Directive: <\/span><\/b><span data-contrast=\"auto\">Raising the bar for cybersecurity readiness across a wide range of sectors.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"16\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;multilevel&quot;}\" data-aria-posinset=\"2\" data-aria-level=\"1\"><b><span data-contrast=\"auto\">GDPR: <\/span><\/b><span data-contrast=\"auto\">Still the gold standard for personal data protection, but now under review for simplification; especially for SMEs.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/li>\n<\/ul>\n<p><span data-contrast=\"auto\">Together, they signal one thing: compliance isn\u2019t optional, and operational resilience is no longer a nice-to-have; it\u2019s essential.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<h2><b><span data-contrast=\"auto\">NIS2 Directive: A new cybersecurity baseline for Europe<\/span><\/b><span data-ccp-props=\"{}\">\u00a0<\/span><\/h2>\n<p><span data-contrast=\"auto\">In effect since October 18, 2024, the updated Network and Information Security Directive (NIS2) expands on its 2016 predecessor by introducing stricter, clearer, and broader obligations for organizations in both essential and important sectors.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<h3><b><span data-contrast=\"auto\">Who\u2019s affected?<\/span><\/b><span data-ccp-props=\"{}\">\u00a0<\/span><\/h3>\n<p><span data-contrast=\"auto\">NIS2 now applies to medium and large organizations in:<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"17\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;multilevel&quot;}\" data-aria-posinset=\"1\" data-aria-level=\"1\"><span data-contrast=\"auto\">Energy, water, and transport<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"17\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;multilevel&quot;}\" data-aria-posinset=\"2\" data-aria-level=\"1\"><span data-contrast=\"auto\">Digital infrastructure and public administration<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"17\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;multilevel&quot;}\" data-aria-posinset=\"3\" data-aria-level=\"1\"><span data-contrast=\"auto\">Healthcare and pharmaceutical manufacturing<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"17\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;multilevel&quot;}\" data-aria-posinset=\"4\" data-aria-level=\"1\"><span data-contrast=\"auto\">Postal, courier, and food supply services<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"17\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;multilevel&quot;}\" data-aria-posinset=\"5\" data-aria-level=\"1\"><span data-contrast=\"auto\">Medical devices, chemicals, and semiconductor production<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/li>\n<\/ul>\n<p><span data-contrast=\"auto\">Thousands of organizations across the EU now fall within its scope; many for the first time.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<h3><b><span data-contrast=\"auto\">Key changes under NIS2<\/span><\/b><span data-ccp-props=\"{}\">\u00a0<\/span><\/h3>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"18\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;multilevel&quot;}\" data-aria-posinset=\"1\" data-aria-level=\"1\"><b><span data-contrast=\"auto\">Expanded scope: <\/span><\/b><span data-contrast=\"auto\">Targets both essential and important entities in critical sectors. Includes additional sectors in comparison to the NIS1 directive.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"18\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;multilevel&quot;}\" data-aria-posinset=\"2\" data-aria-level=\"1\"><b><span data-contrast=\"auto\">Executive responsibility: <\/span><\/b><span data-contrast=\"auto\">Top management is directly accountable; non-compliance could lead to personal liability.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"18\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;multilevel&quot;}\" data-aria-posinset=\"3\" data-aria-level=\"1\"><b><span data-contrast=\"auto\">Tight incident reporting: <\/span><\/b><span data-contrast=\"auto\">Notify authorities within 24 hours of a major incident; deliver a full report within 72 hours.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"18\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;multilevel&quot;}\" data-aria-posinset=\"4\" data-aria-level=\"1\"><b><span data-contrast=\"auto\">Supply Chain security: <\/span><\/b><span data-contrast=\"auto\">Organizations must assess and manage third-party risks, making cybersecurity a contractual priority. Which basically means that many organizations will fall, indirectly, under the NIS2 regulation.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"18\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;multilevel&quot;}\" data-aria-posinset=\"5\" data-aria-level=\"1\"><b><span data-contrast=\"auto\">Serious consequences: <\/span><\/b><span data-contrast=\"auto\">Fines of up to \u20ac10 million or 2% of global turnover for essential entities.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/li>\n<\/ul>\n<h3><b><span data-contrast=\"auto\">Implementation status<\/span><\/b><span data-ccp-props=\"{}\">\u00a0<\/span><\/h3>\n<p><span data-contrast=\"auto\">While the EU deadline for national adoption was October 17, 2024, progress is uneven: Belgium, Italy, Lithuania, and Croatia are ahead, while France, Spain, and Portugal are behind, leading the European Commission to start legal action against 23 Member States.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">A short overview of some EU countries can be found below.\u00a0 If you want more detailed information, you can find more information on the website of <\/span><a href=\"https:\/\/ecs-org.eu\/activities\/nis2-directive-transposition-tracker\/\"><span data-contrast=\"none\">ESCO<\/span><\/a><span data-contrast=\"auto\">.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<p><a href=\"https:\/\/dadir.be\/wp-content\/uploads\/2025\/08\/English-1-1-scaled.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-2813 aligncenter\" src=\"https:\/\/dadir.be\/wp-content\/uploads\/2025\/08\/English-1-1-scaled.jpg\" alt=\"\" width=\"1012\" height=\"1972\" srcset=\"https:\/\/dadir.be\/wp-content\/uploads\/2025\/08\/English-1-1-980x1909.jpg 980w, https:\/\/dadir.be\/wp-content\/uploads\/2025\/08\/English-1-1-480x935.jpg 480w\" sizes=\"auto, (min-width: 0px) and (max-width: 480px) 480px, (min-width: 481px) and (max-width: 980px) 980px, (min-width: 981px) 1012px, 100vw\" \/><\/a><\/p>\n<h2><b><span data-contrast=\"auto\">ISO 27001 and CyFyn: Practical tools for NIS2 implementation<\/span><\/b><span data-ccp-props=\"{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:299,&quot;335559739&quot;:299}\">\u00a0<\/span><\/h2>\n<p><span data-contrast=\"auto\">With the expanded scope of NIS2 and rising expectations for cybersecurity maturity, many organizations are turning to internationally recognized frameworks such as <\/span><b><span data-contrast=\"auto\">ISO 27001<\/span><\/b><span data-contrast=\"auto\"> and the <\/span><b><span data-contrast=\"auto\">CyFun framework<\/span><\/b><span data-contrast=\"auto\"> to implement consistent, auditable security practices.<\/span><span data-ccp-props=\"{&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<h3 aria-level=\"3\"><b><span data-contrast=\"auto\">Why ISO 27001?<\/span><\/b><span data-ccp-props=\"{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:281,&quot;335559739&quot;:281}\">\u00a0<\/span><\/h3>\n<p><b><span data-contrast=\"auto\">ISO 27001<\/span><\/b><span data-contrast=\"auto\"> is a globally recognized standard for information security management systems (ISMS), providing a risk-based, structured approach to protecting data and systems. It&#8217;s particularly effective for:<\/span><span data-ccp-props=\"{&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"2\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"1\" data-aria-level=\"1\"><b><span data-contrast=\"auto\">Demonstrating compliance<\/span><\/b><span data-contrast=\"auto\"> with NIS2 obligations, especially around risk management, incident response, and supply chain controls.<\/span><span data-ccp-props=\"{&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"2\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"2\" data-aria-level=\"1\"><b><span data-contrast=\"auto\">Building trust<\/span><\/b><span data-contrast=\"auto\"> with clients, regulators, and partners through third-party certification.<\/span><span data-ccp-props=\"{&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"2\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"3\" data-aria-level=\"1\"><b><span data-contrast=\"auto\">Creating repeatable processes<\/span><\/b><span data-contrast=\"auto\"> for identifying, assessing, and mitigating information security risks.<\/span><span data-ccp-props=\"{&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\n<\/ul>\n<p><span data-contrast=\"auto\">Key controls from <\/span><b><span data-contrast=\"auto\">Annex A of ISO 27001<\/span><\/b><span data-contrast=\"auto\"> directly map to NIS2 requirements such as access control, physical security, supplier relationships, and incident management.<\/span><span data-ccp-props=\"{&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<h3 aria-level=\"3\"><b><span data-contrast=\"auto\">What is CyFun?<\/span><\/b><span data-ccp-props=\"{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:281,&quot;335559739&quot;:281}\">\u00a0<\/span><\/h3>\n<p><b><span data-contrast=\"auto\">CyFun<\/span><\/b><span data-contrast=\"auto\"> (Cyber Fundamentals) is a national implementation framework used in Belgium that blends global standards\u2014<\/span><b><span data-contrast=\"auto\">NIST CSF<\/span><\/b><span data-contrast=\"auto\">, <\/span><b><span data-contrast=\"auto\">ISO 27001\/2<\/span><\/b><span data-contrast=\"auto\">, <\/span><b><span data-contrast=\"auto\">CIS Controls<\/span><\/b><span data-contrast=\"auto\">, and <\/span><b><span data-contrast=\"auto\">IEC 62443<\/span><\/b><span data-contrast=\"auto\">\u2014into a practical, sector-neutral approach. CyFun helps organizations:<\/span><span data-ccp-props=\"{&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"1\" data-aria-level=\"1\"><span data-contrast=\"auto\">Assess their maturity using a clear baseline with five levels of implementation.<\/span><span data-ccp-props=\"{&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"2\" data-aria-level=\"1\"><span data-contrast=\"auto\">Prioritize actions based on their operational environment and critical dependencies.<\/span><span data-ccp-props=\"{&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"1\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}\" data-aria-posinset=\"3\" data-aria-level=\"1\"><span data-contrast=\"auto\">Integrate cybersecurity into broader governance, risk, and compliance systems.<\/span><span data-ccp-props=\"{&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/li>\n<\/ul>\n<p><span data-contrast=\"auto\">CyFun is especially beneficial for organizations that need flexibility and scalability in their implementation efforts, and it\u2019s recognized by Belgium&#8217;s NIS2 transposition law as a valid compliance route.<\/span><span data-ccp-props=\"{&quot;335559738&quot;:240,&quot;335559739&quot;:240}\">\u00a0<\/span><\/p>\n<h2><b><span data-contrast=\"auto\">GDPR in 2025: Simplifying, not softening<\/span><\/b><span data-ccp-props=\"{}\">\u00a0<\/span><\/h2>\n<p><span data-contrast=\"auto\">Introduced in 2018, the General Data Protection Regulation (GDPR) reshaped how companies handle personal data. But over time, many organizations; especially SMEs\u2014have struggled with its complexity and administrative burden.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<h3><b><span data-contrast=\"auto\">What\u2019s changing?<\/span><\/b><span data-ccp-props=\"{}\">\u00a0<\/span><\/h3>\n<p><span data-contrast=\"auto\">The European Commission is now proposing ways to reduce GDPR friction without weakening protections. <\/span><span data-contrast=\"auto\">Key priorities:<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"20\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;multilevel&quot;}\" data-aria-posinset=\"1\" data-aria-level=\"1\"><span data-contrast=\"auto\">Easier compliance for small and medium-sized enterprises (SMEs)<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"20\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;multilevel&quot;}\" data-aria-posinset=\"2\" data-aria-level=\"1\"><span data-contrast=\"auto\">Simplified documentation and audit processes<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"20\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;multilevel&quot;}\" data-aria-posinset=\"3\" data-aria-level=\"1\"><span data-contrast=\"auto\">More tailored guidance from national authorities<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"20\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;multilevel&quot;}\" data-aria-posinset=\"4\" data-aria-level=\"1\"><span data-contrast=\"auto\">Requirements scaled to company size and data sensitivity\u00a0<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/li>\n<\/ul>\n<p><span data-contrast=\"auto\">These reforms aim to make GDPR more operationally realistic, especially for fast-moving, resource-constrained businesses.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<h2><b><span data-contrast=\"auto\">Key cybersecurity and data privacy trends in 2025<\/span><\/b><span data-ccp-props=\"{}\">\u00a0<\/span><\/h2>\n<p><span data-contrast=\"auto\">As organizations align with evolving frameworks like NIS2 and GDPR, they must also recognize the broader forces shaping digital security. From AI-driven threats to the operational realities of privacy laws, these five trends are defining cybersecurity and data protection in 2025.<\/span><\/p>\n<ul>\n<li><b style=\"color: #333333; font-size: 22px;\"><span data-contrast=\"auto\">AI in cybersecurity\u00a0<\/span><\/b><\/li>\n<\/ul>\n<p><span data-contrast=\"auto\">Artificial Intelligence is transforming both offensive and defensive strategies in cybersecurity. Attackers are leveraging AI to launch more convincing phishing attacks, generate deepfakes, and deploy malware that adapts in real time. In response, defenders are turning to AI to automate incident detection and improve threat response.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">According to recent <\/span><a href=\"https:\/\/newsroom.cisco.com\/c\/dam\/r\/newsroom\/en\/us\/interactive\/cybersecurity-readiness-index\/2025\/documents\/2025_Cisco_Cybersecurity_Readiness_Index.pdf\"><span data-contrast=\"none\">CISO research<\/span><\/a><span data-contrast=\"auto\">, nearly nine out of ten (86%) business leaders with cybersecurity responsibilities reported experiencing at least one AI-related incident in the past 12 months.<\/span><\/p>\n<ul>\n<li><b style=\"color: #333333; font-size: 22px;\"><span data-contrast=\"auto\">Ransomware and supply chain\u00a0<\/span><\/b><\/li>\n<\/ul>\n<p><span data-contrast=\"auto\">Ransomware attacks are becoming more aggressive, often combining data theft with encryption to maximize pressure on victims. At the same time, attackers are increasingly targeting third-party vendors, turning supply chain security into a top priority.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">A <\/span><a href=\"https:\/\/www.sophos.com\/en-us\/content\/state-of-ransomware\"><span data-contrast=\"none\">global study<\/span><\/a><span data-contrast=\"auto\"> found that 59 percent of businesses across 14 countries experienced at least one ransomware incident in the past year.<\/span><\/p>\n<ul>\n<li><b style=\"color: #333333; font-size: 22px;\"><span data-contrast=\"auto\">Zero Trust Security\u00a0<\/span><\/b><\/li>\n<\/ul>\n<p><span data-contrast=\"auto\">The traditional model of trusting users and devices within a secure perimeter is no longer viable. Organizations are adopting Zero Trust frameworks that enforce continuous verification, segment networks, and minimize user privileges.<\/span><\/p>\n<ul>\n<li><b style=\"color: #333333; font-size: 22px;\"><span data-contrast=\"auto\">Quantum risk\u00a0<\/span><\/b><\/li>\n<\/ul>\n<p><span data-contrast=\"auto\">While quantum computers capable of breaking current encryption may still be years away, the risk they pose is real. Organizations are beginning to evaluate post-quantum cryptography to safeguard sensitive data from future decryption attempts.<\/span><\/p>\n<ul>\n<li><b style=\"color: #333333; font-size: 22px;\"><span data-contrast=\"auto\">Privacy regulations\u00a0<\/span><\/b><\/li>\n<\/ul>\n<p><span data-contrast=\"auto\">GDPR remains a cornerstone of data protection in the EU, but additional regulations are emerging globally, and reforms are underway to simplify compliance for smaller businesses. This expanding legal landscape is challenging organizations to maintain agility in their compliance efforts.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<h2><b><span data-contrast=\"auto\">Turning rules into results: How Dadir helps organizations stay ahead<\/span><\/b><span data-ccp-props=\"{}\">\u00a0<\/span><\/h2>\n<p><span data-contrast=\"auto\">At Dadir, we believe compliance should strengthen your business, not slow it down. That\u2019s why we focus on making regulatory frameworks like NIS2 and GDPR practical, actionable, and tailored to your environment.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<h3><b><span data-contrast=\"auto\">Our multidisciplinary team brings deep expertise in:<\/span><\/b><span data-ccp-props=\"{}\">\u00a0<\/span><\/h3>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"21\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;multilevel&quot;}\" data-aria-posinset=\"1\" data-aria-level=\"1\"><a href=\"https:\/\/dadir.be\/en\/information-security\/\"><span data-contrast=\"none\">Information security<\/span><\/a><span data-ccp-props=\"{}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"21\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;multilevel&quot;}\" data-aria-posinset=\"2\" data-aria-level=\"1\"><span data-contrast=\"auto\">Risk and <\/span><a href=\"https:\/\/dadir.be\/en\/quality-management\/\"><span data-contrast=\"none\">quality management<\/span><\/a><span data-ccp-props=\"{}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"21\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;multilevel&quot;}\" data-aria-posinset=\"3\" data-aria-level=\"1\"><span data-contrast=\"auto\">Process design and continuous improvement<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/li>\n<\/ul>\n<p><span data-contrast=\"auto\">We listen, adapt, and build systems that make sense; for your team, your sector, and your goals.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<h3><b><span data-contrast=\"auto\">Our services include:<\/span><\/b><span data-ccp-props=\"{}\">\u00a0<\/span><\/h3>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"22\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;multilevel&quot;}\" data-aria-posinset=\"1\" data-aria-level=\"1\"><span data-contrast=\"auto\">Risk and readiness assessments based on sector-specific NIS2 &amp; GDPR needs<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"22\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;multilevel&quot;}\" data-aria-posinset=\"2\" data-aria-level=\"1\"><span data-contrast=\"auto\">Executive briefings and accountability workshops for leadership teams<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"22\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;multilevel&quot;}\" data-aria-posinset=\"3\" data-aria-level=\"1\"><span data-contrast=\"auto\">Supply chain security assessments and contractual alignment with third parties<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"22\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;multilevel&quot;}\" data-aria-posinset=\"4\" data-aria-level=\"1\"><span data-contrast=\"auto\">End-to-end cybersecurity program design: policies, reporting, and response<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li aria-setsize=\"-1\" data-leveltext=\"\uf0b7\" data-font=\"Symbol\" data-listid=\"3\" data-list-defn-props=\"{&quot;335552541&quot;:1,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;\uf0b7&quot;,&quot;469777815&quot;:&quot;multilevel&quot;}\" data-aria-posinset=\"1\" data-aria-level=\"1\"><span data-contrast=\"auto\">In-house training and awareness programs that stick<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/li>\n<\/ul>\n<p><b><span data-contrast=\"auto\">NIS2 vs. GDPR: A side-by-side snapshot for 2025<\/span><\/b><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">Understanding the differences and overlaps between NIS2 and GDPR is essential for aligning your compliance strategy. While both frameworks aim to strengthen digital trust and security, their scopes, enforcement mechanisms, and executive responsibilities vary in important ways.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<p><span data-ccp-props=\"{}\"> <img loading=\"lazy\" decoding=\"async\" class=\"wp-image-2809 aligncenter\" src=\"https:\/\/dadir.be\/wp-content\/uploads\/2025\/08\/NIS2-vs-GDPR-1-scaled.png\" alt=\"\" width=\"912\" height=\"923\" \/><\/span><\/p>\n<p>&nbsp;<\/p>\n<h2><b><span data-contrast=\"auto\">Moving forward: Prepare, don\u2019t react<\/span><\/b><span data-ccp-props=\"{}\">\u00a0<\/span><\/h2>\n<p><span data-contrast=\"auto\">The convergence of NIS2 and GDPR in 2025 isn\u2019t just about legal compliance\u2014it\u2019s a wake-up call for organizations to embed digital trust, resilience, and accountability into their DNA.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">If you&#8217;re unsure where to start or need a hands-on partner who speaks both business and regulation, <\/span><a href=\"https:\/\/dadir.be\/\"><span data-contrast=\"none\">Dadir is here to help.<\/span><\/a><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<h2><b><span data-contrast=\"auto\">Conclusion: A new era of strategic compliance<\/span><\/b><span data-ccp-props=\"{}\">\u00a0<\/span><\/h2>\n<p><span data-contrast=\"auto\">2025 marks more than a regulatory milestone; it\u2019s a turning point in how organizations approach cybersecurity and data protection. NIS2 and the evolving GDPR are not just checkboxes for compliance; they represent a broader shift toward proactive, accountable, and resilient digital operations.\u00a0<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<p><span data-contrast=\"auto\">At Dadir, we help translate regulation into real-world application.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n<p><span data-ccp-props=\"{}\">\u00a0<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>In 2025, a checklist won&#8217;t cut it. Discover what NIS2 and GDPR truly require from your organization \u2013 and how Dadir helps you stay compliant and resilient.<\/p>\n","protected":false},"author":6,"featured_media":2792,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_et_pb_use_builder":"","_et_pb_old_content":"","_et_gb_content_width":"","inline_featured_image":false,"footnotes":""},"categories":[21],"tags":[],"class_list":["post-2801","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-dadir-en"],"acf":[],"_links":{"self":[{"href":"https:\/\/dadir.be\/en\/wp-json\/wp\/v2\/posts\/2801","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/dadir.be\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dadir.be\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dadir.be\/en\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/dadir.be\/en\/wp-json\/wp\/v2\/comments?post=2801"}],"version-history":[{"count":3,"href":"https:\/\/dadir.be\/en\/wp-json\/wp\/v2\/posts\/2801\/revisions"}],"predecessor-version":[{"id":2815,"href":"https:\/\/dadir.be\/en\/wp-json\/wp\/v2\/posts\/2801\/revisions\/2815"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/dadir.be\/en\/wp-json\/wp\/v2\/media\/2792"}],"wp:attachment":[{"href":"https:\/\/dadir.be\/en\/wp-json\/wp\/v2\/media?parent=2801"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dadir.be\/en\/wp-json\/wp\/v2\/categories?post=2801"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dadir.be\/en\/wp-json\/wp\/v2\/tags?post=2801"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}