{"id":4502,"date":"2026-01-28T07:40:52","date_gmt":"2026-01-28T06:40:52","guid":{"rendered":"https:\/\/enthec.com\/?p=4502"},"modified":"2026-01-28T07:40:52","modified_gmt":"2026-01-28T06:40:52","slug":"european-data-protection-day-a-reminder-for-cisos-and-security-directors","status":"publish","type":"post","link":"https:\/\/enthec.com\/en\/european-data-protection-day-a-reminder-for-cisos-and-security-directors\/","title":{"rendered":"European Data Protection Day, a reminder for CISOs and security directors"},"content":{"rendered":"

Each<\/span> January 28th is European Data Protection Day.<\/b> This date, beyond the symbolic gesture, invites companies, administrations, and security professionals to pause for a moment and review how they are protecting information.<\/span><\/p>\n

Not only from a legal standpoint, but also from a technical and strategic perspective. For <\/span>CISOs, security directors, and IT managers,<\/b> this day is a good excuse to ask uncomfortable but necessary questions: from knowing what data is being managed to what threats may affect it.<\/span><\/p>\n

 <\/p>\n

European Data Protection Day: much more than just an anniversary<\/b><\/h2>\n

European Data Protection Day commemorates the signing of the Council of Europe Convention 108, the<\/span> first international treaty on data protection<\/b>. Since then, the regulatory framework has evolved to the GDPR, which today sets the standard in Europe.<\/span><\/p>\n

However, compliance with regulations alone does not guarantee that data is truly protected. The legislation establishes the “what,” but the “how” depends on each organization. And that’s where many companies encounter difficulties. <\/span><\/p>\n

According to data from the<\/span> European Union Agency for Cybersecurity (ENISA),<\/b> a significant portion of security incidents are related to basic visibility failures, incorrect configurations, or exposed assets that were not being monitored.<\/span><\/p>\n

In this sense, the<\/span> European Data Protection Day serves as a reminder: protection is not a state; it is a journey.<\/b><\/p>\n

 <\/p>\n

\"European<\/p>\n

 <\/p>\n

Data protection and cybersecurity: two sides of the same coin<\/b><\/h2>\n

For years, data protection has been approached as a legal matter, while cybersecurity was seen as a purely technical issue. Today, that separation no longer makes sense. <\/span><\/p>\n

Unauthorized access, a data breach, or a<\/span> security breach<\/span><\/a> don’t just pose a technical problem. They have direct consequences on the <\/span>privacy of individuals<\/span><\/a>, in the company’s reputation, and, of course, in regulatory compliance.<\/span><\/p>\n

For security managers, this means taking a broader approach that involves <\/span>identifying risks, anticipating threats, and reducing exposure, <\/b>which is as important as reacting to incidents.<\/span><\/p>\n

 <\/p>\n

The current challenge: managing the actual exposure to threats<\/b><\/h2>\n

One of the biggest problems CISOs face is the<\/span> lack of visibility.<\/b>. Hybrid infrastructures, cloud services, external providers, remote devices\u2026 The traditional perimeter has disappeared.<\/span><\/p>\n

This is where the<\/span> Continuous Threat Exposure Management (CTEM)<\/b> approach proposes moving from one-off reviews to continuous risk assessment.<\/p>\n

 <\/p>\n

CTEM: an approach aligned with European Data Protection Day<\/b><\/h2>\n

The CTEM approach aligns with the spirit of European Data Protection Day, as it focuses on prevention and continuous improvement.<\/span><\/p>\n

CTEM is not just about detecting vulnerabilities, but about understanding the complete context:<\/b><\/p>\n