Welcome to ISMG's GDPR Resource Center!

The EU revamped its vaunted data protection and privacy laws with the 2016 passage of the General Data Protection Regulation. GDPR enforcement went into full effect on May 25, 2018, and any organization that stores Europeans’ personal data must comply.

Businesses can see "productivity scores" for users of Microsoft 365 and Office 365 products (Source: Microsoft)

Productivity Tools May Be Monitoring Workers' Productivity

Mathew J. Schwartz • November 27, 2020

Warning to workers: Your productivity tools may also be tracking your workplace productivity, and your bosses may not even know it. But as more workplace surveillance capabilities appear, legal experts warn that organizations must ensure their tools do not violate employees' privacy rights.

General Data Protection Regulation (GDPR)

Marriott Hit With $24 Million GDPR Privacy Fine Over Breach

Latest

Cloud Security

Strong Crypto and Policing: EU Again Debates Encryption

Tony Morbin • November 19, 2020

European lawmakers are once again considering encryption policies and attempting to strike a balance between the privacy and security afforded by strong encryption and law enforcement's needs. But with encryption being a cornerstone of the internet, is there any new balance to be struck?

General Data Protection Regulation (GDPR)

Cybersecurity Essentials for SMEs

Anna Delaney • November 19, 2020

Small and midsize enterprises must avoid assuming they won't be targeted for cyberattacks and ensure they're taking adequate security precautions, says Emma Philpott of the consultancy IASME Consortium Ltd., who offers insights on essential steps.

COVID-19

Analysis: Are Marriott and BA's GDPR Fines Big Enough?

Anna Delaney • November 6, 2020

The latest edition of the ISMG Security Report features an analysis of the EU General Data Protection Regulation fines that have finally been imposed on Marriott and BA over serious data breaches each suffered. Also featured: Regional digital fraud trends, and a look at the CISO role and its responsibilities.

Cybercrime

Marriott Breach Takeaway: The M&A Cybersecurity Challenge

Mathew J. Schwartz • November 4, 2020

Takeaway from the U.K.'s GDPR privacy fine against hotel giant Marriott: During M&A, review an organization's cybersecurity posture before finalizing any acquisition. Because once a deal closes, you're fully responsible for data security - IT network warts and all.

Business Continuity Management / Disaster Recovery

NCSC Reports Record Number of Cyber Incidents Amid COVID-19

Prajeet Nair • November 3, 2020

The U.K. NCSC responded to over 700 cyber incidents over a 12-month period, 200 of which were related to the COVID-19 pandemic, according to the cyber agency's annual report. NCSC also notes that's it's preparing to step-up its response to cyber incidents involving the NHS and vaccine development.

Application Security

Behavioral Biometrics: The Next Generation

Tom Field • October 19, 2020

Behavioral biometrics have evolved, and Michael Yeardley of LexisNexis Risk Solutions says the new generation of controls can not only identify the bad guy - but also "the really clever bad guy." He explains how.

Account Takeover Fraud

Cybercrime: 12 Top Tactics and Trends

Mathew J. Schwartz • October 13, 2020

Ransomware attacks remain the top cyber-enabled threat seen by law enforcement. But phishing, business email compromises and other types of fraud - many now using a COVID-19 theme - also loom large, Europol warns in its latest Internet Organized Crime Threat Assessment.

Digital Identity

Analysis: Why Regulators Got Tough With H&M

Anna Delaney • October 9, 2020

The latest edition of the ISMG Security Report analyzes why clothing retailer H&M was hit with a hefty fine for violating the EU's General Data Protection Rule. Also featured: The coming of age of digital identities; deputy CSO at Mastercard on top priorities for 2021.

Breach Notification

Breach of COVID-19 Test Data Undermines Pandemic Response

Mathew J. Schwartz • September 15, 2020

What's one of the worst things that can happen during a pandemic? The answer is anything that gives people less reason to trust in their public health system to handle the crisis. Enter a data breach that has exposed personal information for everyone who's ever tested positive for the disease in Wales.

COVID-19

Data Breach Reports Fall 45% in UK

Mathew J. Schwartz • September 4, 2020

The number of cybersecurity incidents reported to the U.K.'s data privacy watchdog has continued to decline, recently plummeting by nearly 40%. But is the quantity of data breaches going down, or might organizations be failing to spot them or potentially even covering them up?

Cloud Security

Your Cloud Journey and the New Tomorrow

• November 25, 2020

In this webinar, Rich Mogull, CEO of Securosis, whiteboards the four common cloud migration patterns and explains the benefits and risks of each.

COVID-19

How Network Managers Can Gain Visibility & Secure 'Work From Home' Traffic

• November 25, 2020

This webinar with Osterman Research offers insights into critical issues network managers need to address to gain visibility and secure their network traffic.