Cybersecurity for Europe: Fostering rights through technology


  • Athena Bourka


  • Alessandro Mantelero
  • Giuseppe Vaciago
  • Vanesa Gil Laredo
  • Marko Hölbl

Organisation: Cybersec4Europe

Room: Online 3

Timing: 11:45 - 13:00 on 28 January 2021

The recent global pandemic experience has confirmed the key role of IT infrastructures and digital services in our societies. It has also shown the fragile nature of digital ecosystems when not based on responsible and common cybersecurity strategies. This is even more important in the context of European interoperable services and critical infrastructures.

Against this background, this panel deals with data security and cybersecurity from a business perspective, focusing on relevant legal provisions and linking them to technological and organizational measures supporting their implementation. This will reveal interconnections between legal instruments and the technology-focused backbone of the EU approach in this field. The panel will identify the key elements of the different regulations that are crucial for data security and contribute to define a framework based on five main pillars: risk-based approach, by-design approach, reporting obligations, resilience, and certification schemes.

• How can the legal framework on data protection and data security provide a favourable environment for the development of harmonised data security policies and strategies?
• How can the interconnection between different legal framework (GDPR, NIS, PSD2 e eIDAS) stimulate best practices and legal tech tool to facilitate integrated compliance with similar obligations (i.e. reporting, risk assessment and security measures)?
• What are the main elements to consider when designing and implementing an information security management strategy, based on regulatory requirements and security standards and with the aim of guaranteeing operational resilience of the organisation?
• Which new technologies are the most important to meet the requirements of EU cybersecurity and data security regulations?


Athena Bourka

European Union Agency for Cybersecurity (ENISA) (EU)

Athena Bourka is a Network and Information Security Expert in the European Union Agency for Network and Information Security (ENISA) on the areas of data security, privacy and trust. She is also the ENISA’s Data Protection Officer. Before joining ENISA, Athena had been working for over 10 years as a privacy and security expert in the Hellenic Data Protection Authority and the European Data Protection Supervisor (seconded national expert). Athena has also worked in the past in the areas of healthcare data security and environmental information systems and networks. She has studied electrical and computer engineering and holds a PhD on information security.


Alessandro Mantelero

Polytechnic University of Turin (IT)

Alessandro Mantelero is Associate Professor of Private Law and Law & Technology at the Polytechnic University of Turin. He is Council of Europe Scientific Expert on AI, data protection and human rights (Ad Hoc Committee on Artificial Intelligence, Convention 108 – Consultative Committee) and has served as an expert on data regulation for several national and international organizations, including the United Nations, the EU Agency for Fundamental Rights, the European Commission, the American Chamber of Commerce in Italy, the Italian Ministry of Justice, and the Italian Communications Authority (AGCOM). He is Associate Editor of Computer Law & Security Review and member of the Editorial Board of European Data Protection Law Review.

Giuseppe Vaciago

R&P Legal, University of Insubria (IT)

Giuseppe Vaciago is an attorney expert on data protection and cybersecurity. He received his PhD on Digital Forensics from University di Milano and he is a Professor at University of Insubria where he holds a course on IT law. He is a fellow member of Nexa Center of Turin and he is co-founder of Tech and Law Center of Milan. He has authored many publications on cybercrime and data protection, including both scientific journals and textbooks, which have been adopted by the University of Milan.

Vanesa Gil Laredo


Head of Cybersecurity Institutional Affairs at BBVA Group, with more than 18 years of experience in the information security field. Before that, she has been the national Manager of S21Sec’s Security Consultancy and Compliance Department. During her professional career, she has managed and performed many projects related to Information Security Management, IT Governance and Compliance, like the implementation of Information Security Management Systems, development of Security Strategic Plans, PCI DSS assessments, PCI DSS on site audits, development of Business Continuity Plans and Risk Assessments, consultancy for the compliance of data protection law and development of security policies and procedures.

Marko Hölbl

University of Maribor (SI)

Marko Hölbl is an assistant professor of Computer Science at the University of Maribor, Faculty of Electrical Engineering and Computer Science. His main research interests include all aspect of cybersecurity, particularly cryptography, network and internet security, users’ perception of security, security awareness and the blockchain technology. He has been involved in numerous EU and national research projects, currently he is involved in H2020 project CyberSec4Europe. He is an active member and secretary of the CEPIS LSI (Council of European Professional Informatics Societies, Legal and Security Issues special interest network), a member of European Cyber Security Organisation (ECSO), WG6: SRIA and Cyber Security Technologies, an Executive board member of the Slovenian Society Informatika.