Several sector-specific studies on EU data protection and cybersecurity frameworks can be found in the literature, but their differing legal domains has hindered the development of a common analysis of the different sets of provisions from a business perspective. This article sets out to bridge this gap, providing a systematic review and a cross-cutting operational analysis of the main legal instruments that constitute the common European approach to personal data and cybersecurity regulation for the business sector. We aim to demonstrate the existence of a core of common principles and procedural approaches referring to specific cybersecurity and data security technologies. Analysis reveals a coordinated regulatory model based on five pillars: risk-based approach, by-design approach, reporting obligations, resilience and certification schemes. We also highlight the relationship between the main directives and regulations.

中文翻译：

---

欧盟关于个人数据和网络安全监管的通用方法

可以在文献中找到有关欧盟数据保护和网络安全框架的多个特定领域的研究，但是它们不同的法律领域阻碍了从商业角度出发对不同条款的通用分析的发展。本文着手弥合这一差距，对构成主要的欧洲法律文书进行系统的审查和跨领域的运营分析，这些法律文书构成了欧洲针对企业部门处理个人数据和网络安全法规的通用方法。我们旨在证明存在涉及特定网络安全和数据安全技术的通用原则和程序方法的核心。分析揭示了基于五个支柱的协调监管模型：基于风险的方法，基于设计的方法，报告义务，应变能力和认证计划。