On 17 October 2022, the Bill on the Protection of Personal Data entered into force, with a grace period of two years on compliance. The Bill states that data controllers have to conduct impact assessments to identify risks in processing personal data. Furthermore, the entities are obliged to implement preventive, detective, and responsive security measures to ensure the protection of the personal data stored from unauthorised access. Finally, the entities will have to report to the authorities within 72 hours of unauthorised access to personal data.
Original source