ADAE has issued two decisions with relative IDs 165/2011 Government Gazette 2715/Β/17-11-2011 and 205/2013 Government Gazette 1742/Β/15-7-2013, according to which the Regulation for Ensuring the Privacy of Electronic Communications is renewed, thus replacing previous regulations and consolidating relevant decisions issued in the past.
In electronic communications, we designate as Confidential:
• The content of the communication (content of telephone calls, e-mail and in general any communication of voice, image, data).
• The identity of the caller and the caller.
• The identity of the sender and recipient of the email.
• The location data of the terminal device (geographical location).
According to the new regulation:
• All persons involved in the provision of electronic communications networks and / or services are required to have and implement a Security Policy to Ensure the Confidentiality of Communications.
• The Security Policy for Ensuring the Confidentiality of Communications, aims to protect communication data and Information Communication Systems from potential risks, in order to ensure the confidentiality of communications.
The new regulation essentially follows the guidelines of the standard ISO27001: 2013 and ISO27017: 2015, since it makes special reference to specific policies and measures that must be implemented, as briefly mentioned below:
• Internal organization (IS027001 A.5 & A.6)
• Identification and assessment of risks, as well as their treatment plan (IS027001 §A.6.1.2)
• Preservation of logs and historicity (IS027001 A.12.4)
• Security Incident Management (IS027001 A.16)
• Acceptable Use Policy (IS027001 A.5, A.6, A.7, A.8)
• Physical security policy (IS027001 A.11)
• Logical access policy (IS027001 A.9)
• Remote Access Policy (IS027001 A.6.2)
• Network security policy (ISO27001 A.6, A.8, A.13)
• Control policy to ensure the confidentiality of communications and implementation of security policy (ISO27001 A.18)
• Malware response policy (ISO27001 A.12.2)
• Cryptography usage policy (ISO27001 A.10)
• Internal and external inspections (ISO27001 A.9)
• Ensuring business continuity (ISO27001 A.17)
• Efficiency and effectiveness checks (ISO27001 A.9)
• Maintenance and change management (ISO27001 A.12)
In parallel with this regulation, ADAE has published guidelines and best practices, which concern consumers and users of electronic services, proposing self-protection measures (http://www.adae.gr/fileadmin/docs/enimerosi/ADAE_Brochure_April_2014_FINAL)
Priority SA, with specialized experts in the field of telecommunications but also with extensive experience in the design of Information Security Management Systems, supports telecommunications organizations in their compliance with the regulatory framework, adopting the principles of ISO27001 and preparing them for the corresponding certification.
Do you want to discuss about your needs and provide you the right solutions?
Mrs. Lily Mylona,
Sales Director, PRIORITY
T. 210 2509900