NIS2 and data protection
Excerpt from the NIS-2 Directive, Article 2 - Scope of application
The processing of personal data by providers of public electronic communication networks or providers of publicly available electronic communication services in accordance with this Directive shall be in accordance with Union data protection and privacy law, in particular Directive 2002/58/EC.
Excerpt from the NIS-2 Directive, recitals
The processing of personal data by essential and important organisations to the extent necessary and proportionate to ensure the security of network and information systems could be considered lawful on the basis that such processing is in compliance with a legal obligation to which the controller is subject in accordance with Article 6(1)(c) and Article 6(3) of Regulation (EU) 2016/679.
European Data Protection Supervisor (EDPS)
The European Data Protection Supervisor (EDPS) has issued an opinion on the NIS2 Directive, which has been published under the title "Summary of the opinion of the European Data Protection Supervisor on the Cyber Security Strategy and the NIS2 Directive (2021/C 183/03)".
Excerpt from the statement
The European Data Protection Supervisor (EDPS) makes specific recommendations to ensure that the proposal correctly and effectively complements the existing Union legislation on the protection of personal data, in particular the GDPR and the ePrivacy Directive, by involving the EDPS and the European Data Protection Board where necessary and by establishing clear mechanisms for cooperation between the competent authorities from the different regulatory areas.
Recommendations
- On the cyber security strategy
- On the scope of the strategy and the proposal for the Union's institutions, bodies, offices and agencies
- On the relationship with the existing Union legislation on the protection of personal data
- On the definition of the term "cybersecurity"
- On domain names and registration data ("WHOIS data")
- On the "proactive monitoring of network and information systems for vulnerabilities" by CSIRTs
- On outsourcing and supply chains
- On encryption
- On risk management measures in the area of cyber security
- On violations of the protection of personal data
- On the cooperation group
- On jurisdiction and territoriality