GDPR is now the standard industry best-practice, so if you are not taking the steps outlined in this regulation, your data protection approach will be viewed as out-of-date, incomplete, and possibly negligent. In our global, digital village, you need to incorporate standards from around the world into your information security systems.
With May 25 looming, preparing for compliance with the European Union (EU) General Data Protection Regulation (GDPR) is an unavoidable necessity for businesses – and an important act of social responsibility.
When the European Union’s General Data Protection Regulations (GDPR) becomes enforceable, many firms in the US will still not prepared to meet the needs of the regulation come May 25, 2018 – but the penalties for non-compliance are significant for businesses.
Welcome to the last of our three-part GDPR series. In this
On May 25, 2016, the GDPR (General Data Protection Regulation) became law in 28 European countries, marking the arrival of the biggest piece of legislation ever created on a Global scale. We are now rapidly approaching the date when enforcement of the new law will commence in 2018. The most important and significant thing to remember about the regulation is its global scope — this means that wherever you are in the world, if you hold or process personal data of Europeans, then you and your company must comply.
In Part One of our three-part series, we started with a basic overview of who GDPR applies to and the definition of personal data under GDPR. Here in Part Two we will discuss key elements such as consent and online data technologies, privacy notices and
We’re living in a new era of cyber-threats - and governments have started to take notice. To protect the information of their citizens, they’re implementing new regulations that hit businesses where it really hurts. Here’s what you need to know.
GDPR is a complex regulation comprised of 99 articles. In this 3 part series, we’ll break down the components of GDPR starting with an overview of the regulation and why you need to start preparing now. Part 2 will discuss some of the key elements including obtaining valid consent, online data technologies, privacy notices and cross border transfer. Part 3 will dive deeper into understanding the obligations of a Data Controller and Data Processors, individual rights, and the 72 hour data breach notification requirement.
Preparing for the GDPR leads to many questions for compliance teams, like, can we identify and monitor all websites collecting PII on behalf of our company? Are those collection points secure? Are they accompanied by compliance statements and controls? RiskIQ explores these potential issues and offers tips on how to address them.
Equifax took 40 days to report its breach, which is arguably morally incorrect and unacceptable in today's world. The EU GDPR has a 72-hour breach notification rule. Following the GDPR's example, we recommend a more unified approach.
The GDPR is a de facto mandate for every company to invest in process automation software. How can business workflows help with privacy compliance? Read to learn more.
Reports of the death of File Transfer Protocol (FTP) have circulated ever since Debian Project announced it was sunsetting the popular and long-lived protocol on November 1 later this year. Don't believe it.
ISSA-LA presents two women in security and technology panels. The first panel explores information security, IT and other technology-oriented positions as they relate to attracting, recruiting, and maintaining diverse talent. And the second panel focuses on a different kind of inclusion: security versus privacy in the cybersecurity space.
There are some key things that a financial services firm needs to care about when it comes to security: Ashwin Krishnan offers his expert advice to help financial services firms develop their information security practice.
Familiar with the ‘General Data Protection Regulation' (GDPR) but not exactly sure what it entails? This piece explains that the GDPR is a regulation by which the European Parliament, the European Council and the European Commission intend to strengthen and unify data protection for individuals within the European Union (EU).