Cybersecurity and GDPR - Information Management Today

GDPR compliance checklist

IBM Big Data Hub

JANUARY 22, 2024

The General Data Protection Regulation (GDPR) is a European Union (EU) law that governs how organizations collect and use personal data. Any company operating in the EU or handling EU residents’ data must adhere to GDPR requirements. However, GDPR compliance is not necessarily a straightforward matter.

GDPR

GDPR Compliance Personal data Privacy

How to implement the General Data Protection Regulation (GDPR)

IBM Big Data Hub

FEBRUARY 23, 2024

The General Data Protection Regulation (GDPR), the European Union’s landmark data privacy law, took effect in 2018. Even the world’s biggest businesses are not free from GDPR woes. Many businesses find it hard to implement GDPR requirements because the law is not only complex but also leaves a lot up to discretion.

GDPR

GDPR Compliance Personal data Privacy

How to Comply with GDPR, PIPL, and CCPA

eSecurity Planet

DECEMBER 22, 2021

When it comes to managing cybersecurity risk , approximately 35 percent of organizations say they only take an active interest if something bad happens. PIPL Compliance CCPA Compliance GDPR Compliance How to Stay Up to Date with Changing Compliance Regulations. GDPR Compliance. What is GDPR? Compliance Overview.

GDPR

GDPR Compliance Data Privacy Privacy

Webinars

Generative AI Deep Dive: Advancing from Proof of Concept to Production

MORE WEBINARS

GUEST ESSAY: ‘CyberXchange’ presents a much-needed platform for cybersecurity purchases

The Last Watchdog

OCTOBER 19, 2020

There is no shortage of innovative cybersecurity tools and services that can help companies do a much better job of defending their networks. alone, in fact, there are more than 5,000 cybersecurity vendors. They are responding to a trend of companies moving to meet rising compliance requirements, such as PCI-DSS and GDPR.

Cybersecurity

Cybersecurity B2B Sales Compliance

New SEC Cybersecurity Rules Could Affect Private Companies Too

eSecurity Planet

SEPTEMBER 23, 2022

Securities and Exchange Commission (SEC) strongly advised public companies to improve their cybersecurity. However, after minimal corporate adoption of stronger cybersecurity, the SEC has drafted rules to require more formal cybersecurity reporting and disclosure. Also read: What is Cybersecurity Risk Management?

Cybersecurity

Cybersecurity Compliance Risk Communications

This Cybersecurity Awareness Month, Implement Multi-Factor Authentication

Rocket Software

OCTOBER 28, 2021

The White House has proclaimed October Cybersecurity Awareness Month, promoting efforts by the Cybersecurity and Infrastructure Security Agency (CISA) to encourage the public to be “Cyber Smart” and stay safe online. To constitute MFA, users should be asked to provide a combination of these categories. .

Authentication

Authentication Cybersecurity Passwords Access

Security Compliance & Data Privacy Regulations

eSecurity Planet

AUGUST 9, 2022

And since the EU’s General Data Protection Regulation (GDPR) took effect May 25, 2018, IT compliance issues have been at the forefront of corporate concerns. GDPR, the EU’s flagship data privacy and “right to be forgotten” regulation, has made the stakes of a data breach higher than ever. GDPR-style data privacy laws came to the U.S.

Data Privacy

Data Privacy Compliance Privacy Security

GDPR – The Year in Review

HL Chronicle of Data Protection

MAY 29, 2019

Following the one-year anniversary of the coming into effect of the GDPR, Hogan Lovells’ Privacy and Cybersecurity practice has prepared summaries of key GDPR-related developments of the past 12 months. The summaries cover regulatory guidance, enforcement actions, court proceedings, and various reports and materials.

GDPR

GDPR Personal data Privacy Information architecture

Data processors under the GDPR

Privacy and Cybersecurity Law

AUGUST 23, 2017

In our monthly GDPR Updates we discuss various key issues of the General Data Protection Regulation, (EU) 2016/679 (the GDPR ), which applies from 25 May 2018. With the introduction of the GDPR, the existing Directive 95/46/EC and its implementation in the local laws of the various EU Member States will be repealed.

GDPR

GDPR Personal data Compliance Privacy

Automated Security and Compliance Attracts Venture Investors

eSecurity Planet

FEBRUARY 14, 2023

The vision was to automate security and compliance across 14 frameworks, including SOC 2, ISO 27001, HIPAA and GDPR. First of all, cybersecurity is becoming a “must have” for businesses and governments. billion valuation in less than seven years and earning a top 10 ranking in our list of the top cybersecurity companies.

Compliance

Compliance Security Cybersecurity Marketing

Italian National Cybersecurity Perimeter: With great power comes great responsibility!

Privacy and Cybersecurity Law

JUNE 23, 2021

105, which established the Italian National Cybersecurity Perimeter (“ NCSP ”) and imposed specific obligations on essential operators [1] (“ Operators included in the NCSP ”) to safeguard networks, information systems and IT services that are pivotal to the life and functioning of the nation. National and EU agenda for cybersecurity.

Cybersecurity

Cybersecurity Communications Data breaches Security

European Commission proposes reinforcement of EU Cybersecurity rules

DLA Piper Privacy Matters

JANUARY 11, 2021

On 16 December 2020, the European Commission adopted a proposal for a Directive on measures for a high common level of cybersecurity across the Union (“NIS II Directive”) that revises the current Directive on Security of Network and Information Systems (“NIS Directive”). Cybersecurity risk management and reporting obligations.

Cybersecurity

Cybersecurity Computer and Electronics Manufacturing Cloud

ICO Publishes Draft New Guidance on PETs

Data Matters

OCTOBER 6, 2022

PETs are not defined in data protection law, but the European Union Agency for Cybersecurity (“ ENISA ”) defines them as “systems encompassing technical processes, methods or knowledge to achieve specific privacy or data protection functionality or to protect against risks of privacy of an individual or a group of natural persons.”

GDPR

GDPR Privacy Encryption Compliance

CIPL Submits Response to China’s Personal Information Protection Law

Hunton Privacy

NOVEMBER 19, 2020

CIPL’s key recommendations include: Legitimate Interest : Adding a legitimate interest processing ground within the PIPL; Compatible Processing : Clarifying that organizations can process personal information for compatible purposes in reliance on the original ground for processing; Children’s Data : Enabling a risk-based approach for organizations (..)

GDPR

GDPR Privacy Risk Government

First multi-million Euro GDPR fine: Google LLC fined €50 million under GDPR for transparency and consent infringements in relation to use of personal data for personalised ads

Data Protection Report

JANUARY 21, 2019

It follows two complaints filed as soon as the GDPR came into force by two consumer rights associations, None of Your Business and La Quadrature du Net. Retention periods were not included for some categories of data. The legal bases for ad personalisation were confusing and unclear. Reason for the size of the fine.

GDPR

GDPR Personal data Privacy Access

China Releases Draft Regulations on Network Data Security Management

Hunton Privacy

JANUARY 26, 2022

The definition of “data handler” under the Draft Regulations is similar to that of “data controller” in other privacy laws, such as the EU General Data Protection Regulation (“GDPR”). Cybersecurity Review. The Draft Regulations clarify the conditions that trigger a cybersecurity review required by the CSL.

Security

Security Data breaches Personal data Cybersecurity

Building cyber security careers

IT Governance

OCTOBER 21, 2021

The need for experienced and qualified cyber security professionals is a highlight of Cybersecurity Career Awareness Week , led by NICE (National Initiative for Cybersecurity Education). Information security is a broader category that protects all information assets, whether in hard copy or digital form.

Security

Security Information Security GDPR Data Privacy

UK Information Commissioner’s Office Fines Construction Company £4.4 Million for Breach of Security Obligations

Hunton Privacy

OCTOBER 25, 2022

million fine to Interserve Group Limited for failing to keep employee personal data secure, which violates Article 5(1)(f) and Article 32 of the EU General Data Protection Regulation (“GDPR”), during the period of March 2019 to December 2020. On October 24, 2022, the UK Information Commissioner’s Office (“ICO”) issued a £4.4

Security

Security Personal data GDPR Insurance

GDPR is upon us: are you ready for what comes next?

Data Protection Report

MAY 23, 2018

The wait is finally over—this Friday the European Union General Data Protection Regulation (GDPR) will come into force. However, the challenges of GDPR certainly don’t end on the date this law goes into implementation. Many of our clients ask us when and how they may be called upon to demonstrate compliance with the GDPR.

GDPR

GDPR Personal data Compliance Data breaches

NEW TECH: This free tool can help gauge, manage third-party cyber risk; it’s called ‘VRMMM’

The Last Watchdog

JANUARY 30, 2019

New York state’s Cybersecurity Requirements for Financial Services Companies, which took effect last March, includes provisions that require financial services companies to ensure the security of the systems used by their third-party suppliers. That included five of eight categories improving in average maturity on a year-over-year basis.

Risk

Risk Financial Services Insurance Cybersecurity

The Privacy Officers’ New Year’s Resolutions

Data Protection Report

JANUARY 6, 2020

There was guidance from data protection regulators in the UK, France and Germany which made clear that implied cookie consent mechanisms are not viable under the EU General Data Protection Regulation (GDPR). It’s time to take the “data and records retention project” out of the “too hard / I’ll do it after GDPR” tray. Conquer the world!

Privacy

Privacy GDPR Data breaches Risk

Processing of riders’ personal data ? The Italian Data Protection Authority sanctions a food delivery company

Privacy and Cybersecurity Law

JULY 26, 2021

The Company was found guilty of infringing the following provisions of Regulation EU 2016/679 (“ GDPR ”): Information provided to the riders pursuant to Article 13 of the GDPR. The Company was also charged with the violation of Articles 5(1)(c) and 25 of the GDPR. What infringements did the Garante identify?

Personal data

Personal data GDPR e-Delivery Communications

How Companies Need to Treat User Data and Manage Their Partners

Security Affairs

MAY 12, 2021

After the introduction of CCPA and GDPR, much more attention is given to third-party risks, and the privacy terms and conditions users agree to. Global privacy regulations, such as the CCPA and GDPR, were enacted to ensure stricter standards when handling the personal data of consumers.

GDPR

GDPR Privacy Personal data Data breaches

California Privacy Law Overhaul – Proposition 24 Passes

Data Matters

NOVEMBER 4, 2020

Third, it creates a new category of businesses: those that voluntarily agree to be subject to the CCPA. Businesses familiar with GDPR will recognize the reference to automated decision-making, as Article 22 gives data subjects similar opt-out rights. The CPRA creates a new category of information called “sensitive personal information.”

Privacy

Privacy B2B Sales Data breaches

Security Outlook 2023: Cyber Warfare Expands Threats

eSecurity Planet

JANUARY 5, 2023

After a year that saw massive ransomware attacks and open cyber warfare, the biggest question in cybersecurity for 2023 will likely be how much of those attack techniques get commoditized and weaponized. Also read: Hyperautomation and the Future of Cybersecurity. We already have the EU’s GDPR, which set a global precedent.

Security

Security Ransomware Cybersecurity Privacy

ICO Issues Data Protection and Coronavirus Guidance

Data Matters

MARCH 12, 2020

If, after taking these measures, an organisation still needs to collect specific health data, the ICO confirms that ongoing data minimisation and information security to protect this sensitive category of data will be paramount.

GDPR

GDPR Communications Privacy Government

The Privacy Officers’ New Year’s Resolutions

Data Protection Report

JANUARY 6, 2020

There was guidance from data protection regulators in the UK, France and Germany which made clear that implied cookie consent mechanisms are not viable under the EU General Data Protection Regulation (GDPR). It’s time to take the “data and records retention project” out of the “too hard / I’ll do it after GDPR” tray. Conquer the world!

Privacy

Privacy GDPR Data breaches Risk

U.S. states pass data protection laws on the heels of the GDPR

Data Protection Report

JULY 9, 2018

states have recently introduced and passed legislation to expand data breach notification rules and to mirror some of the protections provided by Europe’s newly enacted General Data Protection Regulation (“GDPR”). See our previous blog posts on GDPR here and here. Several U.S. Under the law, “covered entities,” defined as “a person [.]

GDPR

GDPR Data breaches Personal data Insurance

What is the NIS2 Directive and How Does It Affect You?

Thales Cloud Protection & Licensing

NOVEMBER 28, 2022

With the NIS Directive, the EU aimed to direct its members to develop national and cross-border cybersecurity norms and regulations. In 2020, the European Commission revised the Directive, to “further strengthen overall cybersecurity in the Union” to address emerging cyber threats. Business continuity and crisis management.

IT

IT Encryption Compliance Cybersecurity

EDPB guidelines on the targeting of social media users

Privacy and Cybersecurity Law

APRIL 1, 2021

6 (1) (a) GDPR); and legitimate interests (Art. 6 (1) (f) GDPR). Valid consent involves meeting the high standard of the GDPR. The EDPB takes the view that the legal bases that would be likely to apply in the targeting context are: consent (Art.

GDPR

GDPR Personal data Risk Access

EUROPE: New privacy rules for connected vehicles in Europe?

DLA Piper Privacy Matters

MAY 5, 2020

Quality of the user’s consent: The fact that a user is not aware of the data processing carried out in his vehicle constitutes a significant barrier to demonstrate valid consent under the GDPR, as the consent must be informed. 23(1) GDPR. 23(1) GDPR. 10 GDPR and any applicable national legislation.

Privacy

Privacy Personal data GDPR Insurance

Flurry of activity in the Privacy Act review, including tougher penalties and new online privacy framework

Data Protection Report

NOVEMBER 25, 2021

In comparison, the monetary cap is still much less than the cap under the EU General Data Protection Regulation (GDPR), including the UK version post-Brexit, where the maximum penalty for serious infringements is the greater of €20 million (about A$31 million) or 4% of annual global turnover. New online privacy code and framework.

Privacy

Privacy Paper Compliance Government

The Impacts of Data Loss on Your Organization

Security Affairs

JULY 3, 2023

Semi-Structured Data: Semi-structured data lies between the structured and unstructured categories. Organizations may face penalties, fines, or legal actions if they fail to comply with data privacy regulations, such as the General Data Protection Regulation (GDPR) or the California Consumer Privacy Act (CCPA).

Unstructured data

Unstructured data Metadata Encryption Data structuring

Time to Take Notice: ICO to Impose Record Fine for Data Security Breach

HL Chronicle of Data Protection

JULY 8, 2019

million) for infringements of the General Data Protection Regulation (GDPR). This marks the first fine issued by the ICO resulting from a data security breach under the GDPR and will be the largest fine ever issued by the ICO. million (approx. ” ICO Enforcement Implications. What happens next?

GDPR

GDPR Security Personal data Data breaches

EU: Europe’s toolbox for building compliant Corona tracking apps

DLA Piper Privacy Matters

APRIL 27, 2020

In order to tackle the crisis, it might well be that the second category will be preferred as it enables public health authorities to have access to anonymised and aggregated information on social distancing, effectiveness of the Apps or the potential diffusion of Covid-19. Supporting actions). Supporting actions.

Personal data

Personal data Privacy Cybersecurity Access

Trick or Treat: The Choice is Yours with Multifactor Authentication

Thales Cloud Protection & Licensing

OCTOBER 28, 2021

Multifactor authentication requires users to take an extra step to verify who they are by providing two or more distinct categories of evidence. This incident came to light just as the GDPR regulation was rolling out, which undoubtedly created a compliance nightmare for Timehop in having to notify affected EU users on time.

Authentication

Authentication Passwords Cloud Data breaches

China’s PIPL has finally arrived, and brings helpful clarification (rather than substantial change) to China’s data privacy framework

DLA Piper Privacy Matters

AUGUST 23, 2021

To be clear, this is not China’s own GDPR. Security and Confidentiality Personal information must be kept confidential, and security measures must be deployed, as prescribed by the Cybersecurity Law and the Data Security Law and their underlying measures, guidelines and technical standards.

Data Privacy

Data Privacy Privacy Compliance Analytics

European Commission Publishes Draft Data Governance Act

Hunton Privacy

DECEMBER 2, 2020

The Data Governance Act outlines (1) the conditions for re-use of certain categories of data held by public sector bodies in the EU; (2) a notification and supervisory framework for the provision of data sharing services; and (3) a framework for voluntary registration of entities that collect and process data made available for altruistic purposes.

Government

Government Personal data Compliance GDPR

The Good, Bad, And The Ugly: Key Takeaways From California’s New Privacy Law

Privacy and Cybersecurity Law

NOVEMBER 8, 2018

In the aftermath of the Cambridge Analytica scandal, and in the footsteps of Europe’s General Data Protection Regulation (“GDPR”), California privacy advocates introduced a ballot initiative on October 12, 2017 called “The Consumer Right to Privacy Act of 2018” (No. CCPA Background. Right of Disclosure. Right of Deletion.

Privacy

Privacy Sales Compliance Cybersecurity

What IG Professionals Should Know About the Internet of Bodies

ARMA International

FEBRUARY 21, 2020

Even autos and work vehicles are moving into the wearables category as they capture more and more data that identifies each individual driver’s personal habits, location, and speed-limit adherence both while on the job and away from it. FDA issues new draft cybersecurity guidance for medical devices.” Devices we eat (“ingestibles”).

Computer and Electronics

Computer and Electronics Privacy Artificial Intelligence IoT

How to Develop an Incident Response Plan

eSecurity Planet

DECEMBER 9, 2021

For cybersecurity personnel, our scope of responsibility may be limited to cyberattacks on IT systems, such as ransomware attacks, phishing attacks, and DDoS attacks. For example, assign the cloud team to initially respond to incidents involving cloud assets with the cybersecurity team providing backup resources.

Insurance

Insurance Ransomware Data breaches Cloud

Top 18 Cybersecurity Startups to Watch in 2021

eSecurity Planet

JANUARY 28, 2021

Cybersecurity products, services and professionals have never been in higher demand. A contributing factor to the cybersecurity skills gap is the large number of security startups that have been founded in recent years. According to a joint study by CBInsights and PwC, Cybersecurity startups received over $10.7 Compliance.

Cybersecurity

Cybersecurity Compliance Cloud Artificial Intelligence

“What’s Cooking” in Sacramento: CCPA’s “Employee Exception” Bill is Amended; “Publicly Available Information” Exception is Broadened, and Consumer Access Rights are Clarified

Data Protection Report

JULY 3, 2019

If you have any questions or would like additional information regarding CCPA or other US legislative proposals, please contact a member of our Data Protection, Privacy and Cybersecurity team. Article 8: GDPR, CCPA and beyond: Changes in data privacy laws and enforcement risks to monitor in 2019. Article 2: CCPA covered entities.

Access

Access Privacy Data Privacy Government

The Good, Bad, And The Ugly: Key Takeaways From California’s New Privacy Law

Privacy and Cybersecurity Law

NOVEMBER 9, 2018

In the aftermath of the Cambridge Analytica scandal, and in the footsteps of Europe’s General Data Protection Regulation (“GDPR”), California privacy advocates introduced a ballot initiative on October 12, 2017 called “The Consumer Right to Privacy Act of 2018” (No. CCPA Background. Right of Disclosure. Right of Deletion.

Privacy

Privacy Sales Education Compliance

GDPR compliance checklist

How to implement the General Data Protection Regulation (GDPR)

Webinars

Trending Sources

How to Comply with GDPR, PIPL, and CCPA

Webinars

GUEST ESSAY: ‘CyberXchange’ presents a much-needed platform for cybersecurity purchases

New SEC Cybersecurity Rules Could Affect Private Companies Too

This Cybersecurity Awareness Month, Implement Multi-Factor Authentication

Security Compliance & Data Privacy Regulations

GDPR – The Year in Review

Data processors under the GDPR

Automated Security and Compliance Attracts Venture Investors

Italian National Cybersecurity Perimeter: With great power comes great responsibility!

European Commission proposes reinforcement of EU Cybersecurity rules

ICO Publishes Draft New Guidance on PETs

CIPL Submits Response to China’s Personal Information Protection Law

First multi-million Euro GDPR fine: Google LLC fined €50 million under GDPR for transparency and consent infringements in relation to use of personal data for personalised ads

China Releases Draft Regulations on Network Data Security Management

Building cyber security careers

UK Information Commissioner’s Office Fines Construction Company £4.4 Million for Breach of Security Obligations

GDPR is upon us: are you ready for what comes next?

NEW TECH: This free tool can help gauge, manage third-party cyber risk; it’s called ‘VRMMM’

The Privacy Officers’ New Year’s Resolutions

Processing of riders’ personal data ? The Italian Data Protection Authority sanctions a food delivery company

How Companies Need to Treat User Data and Manage Their Partners

California Privacy Law Overhaul – Proposition 24 Passes

Security Outlook 2023: Cyber Warfare Expands Threats

ICO Issues Data Protection and Coronavirus Guidance

The Privacy Officers’ New Year’s Resolutions

U.S. states pass data protection laws on the heels of the GDPR

What is the NIS2 Directive and How Does It Affect You?

EDPB guidelines on the targeting of social media users

EUROPE: New privacy rules for connected vehicles in Europe?

Flurry of activity in the Privacy Act review, including tougher penalties and new online privacy framework

The Impacts of Data Loss on Your Organization

Time to Take Notice: ICO to Impose Record Fine for Data Security Breach

EU: Europe’s toolbox for building compliant Corona tracking apps

Trick or Treat: The Choice is Yours with Multifactor Authentication

China’s PIPL has finally arrived, and brings helpful clarification (rather than substantial change) to China’s data privacy framework

European Commission Publishes Draft Data Governance Act

The Good, Bad, And The Ugly: Key Takeaways From California’s New Privacy Law

What IG Professionals Should Know About the Internet of Bodies

How to Develop an Incident Response Plan

Top 18 Cybersecurity Startups to Watch in 2021

“What’s Cooking” in Sacramento: CCPA’s “Employee Exception” Bill is Amended; “Publicly Available Information” Exception is Broadened, and Consumer Access Rights are Clarified

The Good, Bad, And The Ugly: Key Takeaways From California’s New Privacy Law

Stay Connected