Our newest course is named “Security and Law”, and is one of my favorite subjects. Not because I am a lawyer posing as a technologist, but because most of the challenges facing privacy today cannot be solved by technology alone. Also, being a forensics investigator means sticking to the law and knowing how to use it in order to catch the criminals.

For my bachelor's Final Degree Project, I have decided to create an ERP system for conducting investigations in relation to GDPR. Therefore, I already have a good foundation to dig deep into how the EU/EEA laws work, since GDPR is the biggest breakthrough in ICT laws since 1995.

Since Norway is not a part of the EU, the law is implemented here because we are a member of the EEA (EØS in Norwegian). This means that in order to get access to the inner markets of the EU, we must comply with the regulation set in the EEA, which stands for European Economic Area. The laws are discussed and created by the European Commission.

And there are three types of laws that come out of the European Commission: regulations, directives and decisions. The GDPR is a regulation, which is a mandatory law that is applied to all member states of the EU/EEA. A directive is something that sets a goal one should achieve, whilst a decision is for the member state addressed.