TikTok Fined €530 Million Over Chinese Access to EU Data
European regulators sent an unmistakable message about messing around with GDPR-protected data. How can organizations avoid similar compliance hassles?
Stay informed on GDPR regulations and data protection with the latest news, insights, and compliance strategies in our info security hub.
Search across headline titles and summaries.
Background for this topic.
GDPR is the European Union’s General Data Protection Regulation, in force since 25 May 2018. It governs the processing of personal data by organizations in the EU and, in some circumstances, organizations elsewhere that offer services to or monitor people in the EU. It sets principles and lawful bases for processing, gives individuals rights over their data, and defines duties for controllers and processors.
For security practitioners, GDPR requires risk-appropriate technical and organizational measures to protect personal data, such as access control, encryption or pseudonymization where appropriate, resilience, and regular testing. Privacy by design and by default should shape system and data-flow decisions. A personal-data breach may require notifying the relevant supervisory authority without undue delay and, where feasible, within 72 hours of awareness; affected individuals may also need notification when the risk is high. These obligations make asset and data inventories, processor oversight, retention controls, and breach playbooks operationally important.
Weekly headline count for the current query.
European regulators sent an unmistakable message about messing around with GDPR-protected data. How can organizations avoid similar compliance hassles?
Websites these days know everything about you — even some details you might not realize. Hackers can take advantage of that with a sharp-toothed attack that exploits Europe's GDPR-mandated data portability rules.
As the US braces for a data privacy overhaul, companies need to update data practices, train staff, and ensuring compliance from the outset to avoid Europe's costly missteps.
Political and economic motivations impel nation-state and independent hackers, while the European Union strives to keep its members secure and prepared.
The days of a one-size-fits-all consent strategy are gone. Consider a two-pronged approach and use smart consent management technology to adapt to differing regulations.
Google Analytics has been found to be in violation of GDPR privacy laws by Italy — the third country to ban it.
Whether it's PCI-DSS, SSDLC, or GDPR, the criteria that security standards expect businesses to uphold are neither realistic or feasible.