Stay informed on GDPR regulations and data protection with the latest news, insights, and compliance strategies in our info security hub.
Search across headline titles and summaries.
Background for this topic.
GDPR is the General Data Protection Regulation, a comprehensive data protection law that was implemented by the European Union in May 2018. It is designed to give individuals more control over their personal data and to unify data protection regulations across EU member states, ensuring that all data privacy laws are applied equally.
In the context of information security, GDPR plays a significant role in dictating how organizations should handle and protect personal data. It sets forth strict requirements on data processing, data access, data transfer, and mandates a higher standard of consent for the use of personal information. Organizations are required to implement appropriate technical and organizational measures to protect data against unauthorized or unlawful processing, accidental loss, destruction, or damage.
Moreover, GDPR introduces the concepts of privacy by design and by default, meaning that data protection measures must be integral to the development of business processes and systems. It also imposes rigorous reporting and notification systems for data breaches, which fundamentally affects how organizations manage their information security strategies and practices.
Weekly headline count for the current query.
Council of the EU Rejects Redefinition of 'Personal Data'A rejection by European Union member governments of proposal backed by the European Commission to make it easier to share data about individuals won cautious plaudits from Paul Nemitz, a key architect of Europe's General Data Protection Regulation.
The French data protection regulator said that France Travail’s response to a 2024 data breach violated GDPR
Regulators logged over 400 personal data breach notifications a day for first time since law came into force GDPR fines pushed past the £1 billion (€1.2 billion) mark in 2025 as Europe's regulators were deluged with more than 400 data breach notifications a day, according to a new survey that suggests the post-plateau era of enforcement has well and truly arrived.…
DLA Piper finds 22% increase in breached firms notifying European GDPR regulators
Three major GDPR violations, including a lack of basic security controls, lead to hefty dent in profits The French data protection regulator, CNIL, today issued a collective €42 million ($48.9 million) fine to two French telecom companies for GDPR violations stemming from a data breach.…
Rights groups say digital-only record is leaking data and courting trouble Civil society groups are urging the UK's data watchdog to investigate whether the Home Office's digital-only eVisa scheme is breaching GDPR, sounding the alarm about systemic data errors and design failures that are exposing sensitive personal information while leaving migrants unable to prove their lawful status.…
Lobbying efforts gain ground as proposals carve myriad holes into regulations Privacy advocates are condemning the European Commission's leaked plans to overhaul digital privacy legislation, accusing officials of bypassing proper legislative processes to favor Big Tech interests.…
Strongly-worded emails to staff telling them to be more careful aren't going to cut it anymore Partner Content UK GDPR Article 32 mandates "appropriate security measures". The ICO has defined what that means: multi-million-pound fines for password failures. The violations that trigger them? Small, familiar, and happening in your organization right now.…
Noyb says New York-based facial recognition biz flouted GDPR orders and kept scraping anyway Privacy advocates at Noyb filed a criminal complaint against Clearview AI for scraping social media users' faces without consent to train its AI algorithms.…
The Dutch Data Protection Authority issued Experian a €2.7m for GDPR violations including excessive collection of personal data
Experian Netherlands has been fined EUR 2.7 million ($3.2 million) for multiple violations of the General Data Protection Regulation (GDPR) [...]
Redmond argued schools, education authorities are responsible for GDPR An Austrian digital privacy group has claimed victory over Microsoft after the country's data protection regulator ruled the software giant "illegally" tracked students via its 365 Education platform and used their data.…
Resilionix's Heather Lowrie on Embracing GDPR as Tool for Change and ResilienceIn a modern regulatory environment, compliance is no longer just an exercise in ticking off boxes. Thanks to GDPR, financial services firms are shifting from a reactive mindset to a more proactive approach to compliance that focuses on risk management, said Heather Lowrie, director at Resilionix.
Discover how GDPR compliance can spark real growth and give you a competitive advantage with practical strategies and a strong security culture. [...]
The Berlin Commissioner for Data Protection has formally requested Google and Apple to remove the DeepSeek AI application from the application stores due to GDPR violations. [...]
Privacy Activists Decry Loosening Record-Keeping RequirementsPrivacy rights groups urged the European Commission to retreat from proposals to revise the GDPR. Europe pledged to lessen record-keeping obligations for companies with up to 500 employees so long as the data processing isn't "likely to result in a high risk."
Civil society groups and academics are calling for the EU's GDPR to remain unchanged following the EU Commission's plans to revisit it
'Legitimate interest' won't wash, says privacy outfit, as Zuck's org claims activists want to 'delay AI innovation' There's a Max Schrems-shaped object standing in the way of Meta's plans to train its AI on the data of its European users, and he's come armed with several justifications for why Zuckercorp might be violating EU regulations with its stated plans. …
European regulators sent an unmistakable message about messing around with GDPR-protected data. How can organizations avoid similar compliance hassles?
Ireland’s data protection watchdog accuses the Chinese social media giant of violating GDPR with transfers of European users’ data to China