Welcome to ISMG's GDPR Resource Center!

The EU revamped its vaunted data protection and privacy laws with the 2016 passage of the General Data Protection Regulation. GDPR enforcement went into full effect on May 25, 2018, and any organization that stores Europeans’ personal data must comply.

Happy birthday to GPDR full enforcement, which began on May 25, 2018 (Photo: Will Clayton)

Privacy Rights: GDPR Enforcement Celebrates Third Birthday

Mathew J. Schwartz • May 25, 2021

Where were you on May 25, 2018? That was the day the EU's General Data Protection Regulation went into full effect. Three years later, some legal and privacy experts say that while the global privacy discussion and expectations have evolved, GDPR still has some growing up to do.

►

RSA Conference

A Tale of 3 Data 'Leaks': Clubhouse, LinkedIn, Facebook

Latest

Breach Notification

Ransomware Cleanup Costs Scottish Agency $1.1 Million

Mathew J. Schwartz • April 6, 2021

How much does it cost to recover from a ransomware attack? For the Scottish Environment Protection Agency, which was hit by the Conti ransomware-wielding gang on Christmas Eve, reported cleanup costs have reached $1.1 million. SEPA is still restoring systems and has refused to pay any ransom.

CCPA

Federal Privacy Bill Reintroduced in Congress

Doug Olenick • March 15, 2021

U.S. Rep. Suzan DelBene, D-Wash, has reintroduced a bill that would create a national-wide data privacy standard that in its latest incarnation makes an attempt to placate Republicans. The bill, if passed, would replace a patchwork of current state laws.

Breach Notification

533 Million Facebook Account Records Posted to Forum

Doug Olenick • April 4, 2021

A security researcher found more than 500 million Facebook records being offered for free on the darknet, exposing basic user information, including any phone numbers associated with the accounts. Facebook says this is “old data” previously reported as exposed.

Application Security

Booking.com's GDPR Fine Should Serve as 'Wake-Up Call'

Akshaya Asokan • April 2, 2021

The 475,000 euro fine levied against Booking.com by Dutch privacy authorities should serve as a "wake-up call" for other companies when it comes to GDPR, some experts say. The company waited more than 20 days to report the breach to officials instead of the 72-hour window required under Europe's privacy law.

Next-Generation Technologies & Secure Development

The Power of Actionable Threat Intel

Tom Field • April 2, 2021

The lack of automation and actionable threat intelligence may be preventing enterprises from developing the fully functional Cyber Fusion Centers they envision. Anomali's Mark Alba shares ideas on how to change that.

Next-Generation Technologies & Secure Development

What’s the Point of Threat Intelligence Without Threat Detection?

April 2, 2021

Watch now to learn more about discovering how to take threat intelligence to the next level with advanced detection capabilities.

Governance & Risk Management

Switching Away from Paper Documents for Good

Information Security Media Group • April 1, 2021

Replacing paper documents with an electronic version is one of the many tasks you may be facing as part of the remote work transformation.

Cloud Security

Is Your Security Stack Ready for the Modern Cloud?

Information Security Media Group • March 26, 2021

Digital transformation makes the headlines. But behind the scenes, many enterprises are struggling with the effects of cloud migration and the “shift left” movement. Knox Anderson of Sysdig shares tips for approaching the modern cloud.

Endpoint Security

Purpose Built: Securing vSphere Workloads

Information Security Media Group • March 23, 2021

View this OnDemand webinar to learn how VMware Carbon Black is delivering unified workload protection that’s purpose-built for vSphere.

Active Defense & Deception

Digital Risk Protection and 'Offensive Defense'

Tom Field • March 22, 2021

Years ago, when he was working in systems integration, Mirza Asrar Baig envisioned the concept of digital risk protection technology. Today, as CEO of CTM360, he is promoting it as a way to provide “offensive defense.”

Critical Infrastructure Security

UK Set to Boost Cybersecurity Operations

Prajeet Nair • March 15, 2021

Ahead of presenting a long-term review of national security strategy in Parliament on Tuesday, U.K. Prime Minister Boris Johnson issued a statement calling for a boost to the country’s capacity to conduct cyberattacks on foreign adversaries.

DevSecOps

OnDemand Webinar | Security Education for Developers

Information Security Media Group • March 12, 2021

Watch this episode of the "On The Road to DevSecOps" series to learn from a group of DevOps experts on why AppSec Awareness and Training matters and how to give your developers secure coding education that works.