WebArat – GDPR and information security | IT ASSISTANCE
There is little difference between information security and cyber security; the principles and procedures are almost identical. The most significant difference probably lies in the source of requirements and terminology.

Information security

In this area, our focus is not only on complying with GDPR requirements, but also on comprehensively implementing an information security management system in accordance with ISO/IEC 27001:2022. This standard outlines the requirements for effectively managing and protecting information by implementing and maintaining an ISMS (Information Security Management System).

Cybersecurity

Cybersecurity is closely linked to applicable legislation, specifically the Cybersecurity Act No. 69/2018 Coll. in Slovakia and the Cybersecurity Act No. 181/2014 Coll. in the Czech Republic.

Both the law and the standard set out the measures that need to be implemented in the company to ensure an adequate level of information or cyber security.

In accordance with applicable cybersecurity legislation, we offer the following services:

Implementation of cybersecurity requirements

Security consulting

Cybersecurity audits

Legislative obligations relating to cybersecurity

Slovak Republic

The obligation to implement cybersecurity measures applies to organisations included:

  • on the list of essential services
  • on the list of digital services
  • in the register of digital service providers
  • in the register of essential service operators

Amendment to Act No. 69/2018 Coll. (effective from 1 January 2025)

  • It transposes the European NIS2 Directive.
  • It expands the scope of regulated entities.
  • It introduces the obligation to assess risks in the supply chain.

Czech Republic

Cybersecurity implementation is required for:

  • electronic communications providers
  • authorities responsible for securing significant networks
  • critical infrastructure system administrators
  • significant information system administrators

Amendment to Act No. 181/2014 Coll. on cybersecurity (2025)

  • The amendment expands the scope of obligated entities based on size and importance.
  • It introduces a two-tier regulatory system for service providers.
  • It places an emphasis on risk assessment in the supply chain.

European legislation

  • Regulation (EU) 2019/881 establishes the European Union Agency for Cybersecurity (ENISA) and a certification system for ICT products and services.
  • Directive (EU) 2016/1148 (NIS) sets out measures to ensure a high level of security for network and information systems and has been updated by NIS2.

Cybersecurity is not only a legal obligation, but also an essential component of information protection and business continuity. By implementing the requirements of laws and European directives, companies can minimise risks and prepare for current and future threats.