Articles about GDPR

This weekend marks exactly a year since the introduction of the EU's GDPR legislation shook up the world of data protection and sent businesses around the world into a flurry of compliance activity.

So, what has the industry learned over the past year and what are the ongoing challenges we can expect to see? We've gathered the views of some industry experts.

Continue reading →

In May of 2018, companies raced to the finish line to accomplish GDPR compliance. Given that it was the first year of GDPR, many industry experts expected to not see any companies fined. That is all going to change in the year ahead. In January 2019, Google was hit with the first major GDPR fine of $57 million, putting an end to the unspoken grace period. Companies should recognize this as a warning: get compliant or risk massive fines. This is especially important as only 59 percent of organizations report meeting all or most GDPR requirements, 29 percent expect to do so within a year, and nine percent will take more than a year.

With the stress of GDPR and potential increase in consumer privacy legislation looming on the horizon, CISOs need help. Rather than continuing to spin their wheels, CISOs should consider governance, risk and compliance (GRC) solutions that simplify GDPR compliance by streamlining operations to avoid fines and penalties altogether. Below I put together three ways that a GRC solution can help.

Continue reading →

It is now a year since GDPR (General Data Protection Regulation) rules came into effect in Europe, and on this anniversary, Microsoft is starting a conversation about bringing similar privacy regulation to the US.

The company praises the privacy framework and says that it has improved how companies handle their customers' personal data. It says that GDPR has inspired a global movement that has seen countries around the world adopt new privacy laws, and that it is time for the US to follow suit.

Continue reading →

Only half of companies achieved compliance with GDPR before the May 25, 2018 deadline, and most companies took seven months or longer to achieve readiness.

This is among the findings of a new report from privacy management platform DataGrail which also reveals that two-thirds of companies assigned dozens, or even hundreds, of employees to manage GDPR compliance.

Continue reading →

The UK tax authority, HM Revenue and Customs (HMRC), has been forced to deleted voice recording of five million taxpayers. The recordings were made without consent, which the Information Commissioner's Office (ICO) said constituted a "significant" breach of data and privacy rules.

Before being allowed to access HMRC services, callers were required to repeat the phrase "My voice is my password". This recording was fed into the authority's biometric voice ID database, and violated GDPR rules.

Continue reading →

Data privacy is a major concern for businesses, made more acute by the raft of new compliance and data protection rules appearing around the world.

Immuta is launching a platform with no-code, automated governance features that enable business analysts and data scientists to securely share and collaborate with data, dashboards, and scripts without fear of violating data policy and industry regulations.

Continue reading →

The UK is looking at hitting technology companies with financial penalties if they fail to do enough to counter "harmful content" on their platforms.

Jeremy Wright, the Digital, Culture, Media and Sport (DCMS) secretary, says that tech firms need to be made to "sit up and take notice" when it comes to dealing with problematic content. While clearly aimed more at social media companies, the proposals would encompass other technology firms as well. The plans also suggest that search engines should remove links to offending websites, and that some sites could even be blocked completely.

Continue reading →

No one questions the good intent behind the EU’s General Data Protection Regulation (GDPR) legislation, or the need for companies to be more careful with the proprietary information they have about clients, patients, and other individuals they interact with regularly. While the provisions within the GDPR do help, they have also created new opportunities for hackers and identity thieves to exploit that data.

There’s no doubt that seeking to be fully GDPR compliant is more than just a good idea. Along the way, just make sure your organization doesn’t fall victim to one of the various scams that are surfacing. Let’s take a quick review of GDPR and then dive into the dirty tricks hackers have been playing.

Continue reading →

The roll out of GDPR (General Data Protection Regulation) has changed the face of privacy and data protection for millions of people across Europe. The regulation not only grants people access to the personal data companies hold about them, but also controls how this data can be used and transferred.

Apple's Tim Cook has already voiced his support for GDPR and said that the rest of the world should implement similar regulation. Now he has been joined by Cisco in calling for data laws to be embraced by the US as they have been in Europe.

Continue reading →

The introduction of new regulatory and privacy laws around the world is forcing companies to become more aware of the personal customer info they are holding, but it can be hard to identify sensitive information.

AI-based compliance platform Cognigo is launching a new data protection capability that can differentiate between sensitive and non-sensitive data based on language context.

Continue reading →

Speaking at the International Conference of Data Protection and Privacy Commissioners in Brussels, Apple CEO Tim Cook praised Europe's GDPR (General Data Protection Regulation) and said the US needs to fight back against the weaponization of personal data.

In a strongly-worded speech, Cook avoided explicitly naming the likes of Google and Facebook for trading in private information, but it was clear who he was referring to when he said data was being misused. He added: "We shouldn't sugar-coat the consequences. This is surveillance".

Continue reading →

Twitter is being investigated by the Irish Data Protection Commission (DPC) over concerns about how much data it collects through its t.co link-shortening tool.

The Irish privacy regulator is concerned about the amount of data Twitter is able to collect through the service -- something that was only heightened by the company's refusal to hand over information about link tracking when it was requested.

Continue reading →

New research from IT procurement company Probrand shows that 68 percent of UK businesses have failed to wipe the data from IT equipment before disposal, leaving them open to fines under GDPR if data is exposed.

In addition 70 percent admit to not having an official process or protocol for disposing of obsolete IT equipment.

Continue reading →

A new report released ahead of the Infosecurity North America event to be held next month, shows that the majority of chief information security officers (CISOs) are receiving conflicting advice about new or changing regulation.

In addition, when asked what regulatory bodies should do to help promote a smooth rollout of privacy regulations, 35 percent of respondents say that regulators should provide clearer communication about compliance requirements.

Continue reading →

New figures from Kaspersky Lab show that more than a third (35.7 percent) of phishing attempts in the second quarter of 2018 attempts were related to financial services via fraudulent banking or payment pages.

The IT sector was second hardest hit, with 13.83 percent of attacks targeting technology companies, a 12.28 percent increase compared to Q1.

Continue reading →