Welcome to ISMG's GDPR Resource Center!

The EU revamped its vaunted data protection and privacy laws with the 2016 passage of the General Data Protection Regulation. GDPR enforcement went into full effect on May 25, 2018, and any organization that stores Europeans’ personal data must comply.

What a Modern Threat Intelligence Program Should Be

Tom Field • March 2, 2021

Many enterprises have what they consider to be mature threat intelligence programs. Yet they continue to be breached. Where is the disconnect? Gene Yoo, CEO of Resecurity, describes what’s wrong with TI programs today, as well as the essential elements of a modern threat intelligence program.

Critical Infrastructure Security

Yandex: Insider Caused Breach Affecting 5,000 Customers

Latest

COVID-19

NHS Reports COVID-19 App Success, Backed by Strong Privacy

Mathew J. Schwartz • February 9, 2021

Good news in the fight to prevent COVID-19 infections: Researchers report that a digital contact-tracing app rolled out in England and Wales that's designed to keep users' data private and secure is helping to blunt the spread of the pandemic. They urge continuing global uptake of such apps.

Breach Notification

Privacy Fines: Total GDPR Sanctions Reach $331 Million

Mathew J. Schwartz • January 19, 2021

Privacy watchdogs in Europe have imposed fines totaling more than $330 million since the EU's General Data Protection Regulation went into full effect in May 2018, according to law firm DLA Piper. Over the past year, regulators received 121,000 data breach notifications, up 19% from the year before.

Endpoint Security

Millions of IoT Devices at Risk From TCP/IP Stack Flaws

Jeremy Kirk • December 8, 2020

A critical component within millions of consumer and enterprise IoT devices has dangerous software flaws. New research from Forescout Technologies into open-source TCP-IP stacks shows millions of devices from 150 vendors are likely vulnerable.

General Data Protection Regulation (GDPR)

Microsoft Backpedals Over 'Productivity Score' Monitoring

Mathew J. Schwartz • December 3, 2020

Microsoft is revamping its controversial "productivity score" in Microsoft 365 so that individual workers can no longer be tracked. The move follows warnings by privacy advocates that the feature was a step too far into the realm of workplace surveillance.

Application Security

Fraud Prevention Without Friction

Tom Field • February 11, 2021

E-commerce and fraud - they evolved and grew together in 2020, and it's time for fraud defenses to do the same. Smriti Jaggi of F5 details how to deploy a multi-layered fraud defense without adding extra friction to the process.

Cloud Security

Your Microsoft 365 productivity cloud and the backup it deserves

Barracuda Networks • February 8, 2021

Get answers to all your questions about how to seize cloud opportunities and realize your business’ potential—while also protecting all your data beyond what’s possible on-premises—in this wide-ranging conversation among experts and thought leaders from Microsoft and Barracuda. And a sneak peek of the Cloud to...

Fraud Management & Cybercrime

CISOs on Ransomware and Malicious Insiders

Information Security Media Group • February 5, 2021

View this webinar OnDemand to learn about the rise of targeted ransomware attacks and the difficulties in stopping them.

Account Takeover Fraud

Account Takeover in 2021 - and How to Prevent It

Information Security Media Group • February 5, 2021

SpyCloud has fresh research into account takeover trends and finds that attacks have recently spiked by 300%. Chip Witt explains the trends behind the stats and offers insight into what enterprises often are overlooking in their ATO prevention strategies.

Governance & Risk Management

The Future of Identity Proofing

Tom Field • February 4, 2021

In the era of “Verify, then trust,” identity proofing becomes the key challenge for enterprises to meet. Matt Johnson of TransUnion dives into the myths and realities behind such topics as biometrics, authentication and national ID programs.

Governance & Risk Management

Profiles in Leadership: Arun DeSouza, Nexteer Automotive

Tom Field • January 29, 2021

Some people run from change. Arun DeSouza of Nexteer Automotive runs toward it. "Now is my time," says the veteran chief information security and privacy officer, who shares his leadership and technology insights in this exclusive interview.

Email Security & Protection

Email Security: The Risks You're Missing

Tom Field • January 27, 2021

Kevin O'Brien, CEO and co-founder of GreatHorn, often asks business leaders about their email security, and they say "It's OK." But what's not "OK" is that these defenses are leaving enterprises wide open to vulnerabilities that adversaries are exploiting.

General Data Protection Regulation (GDPR)

Grindr Potentially Faces $12 Million GDPR Privacy Fine

Mathew J. Schwartz • January 27, 2021

Norway's privacy watchdog has proposed fining location-based dating app Grindr nearly $12 million after finding that it violated Europeans' privacy rights by sharing data with many more third parties than it had disclosed.