Welcome to ISMG's GDPR Resource Center!

The EU revamped its vaunted data protection and privacy laws with the 2016 passage of the General Data Protection Regulation. GDPR enforcement went into full effect on May 25, 2018, and any organization that stores Europeans’ personal data must comply.

GDPR fines imposed by EU member states, for countries that have publicly disclosed such information (Source: DLA Piper)

GDPR: $126 Million in Fines and Counting

Mathew J. Schwartz • January 21, 2020

Since the EU's General Data Protection Regulation went into full effect in May 2018, European data protection authorities have received more than 160,900 data breach reports and imposed $126 million in fines under GDPR for a wide variety of infringements, not all involving data breaches.

Active Defense & Deception

Job Search: Head of UK's National Cyber Security Center

Latest

3rd Party Risk Management

Is your Organization Suffering From Third-Party "Compliance Drift"?

Tony Howlett • December 13, 2019

Third-party vendors accessing your most critical systems and networks can also bring in security incidents along with all those wonderful things they promised in the sales presentation.

Account Takeover

GDPR Violation: German Privacy Regulator Fines 1&1 Telecom

Mathew J. Schwartz • December 10, 2019

One of the largest fines to date for violating the EU's General Data Protection Regulation has been announced by Germany's federal privacy and data protection watchdog, the BfDI, against 1 & 1 Telecommunications, in part for inadequate authentication mechanisms. The company plans to appeal.

Fraud Management & Cybercrime

Analysis: Instagram's Major Problem With Minors' Data

Nick Holland • November 15, 2019

The latest edition of the ISMG Security Report offers an in-depth analysis of whether Instagram is doing enough to protect the contact information of minors. Plus: Compliance updates on GDPR and PCI DSS.

Governance

Devaluing Data to Protect It

Scott Ferguson • November 13, 2019

In today's digital environment, protecting sensitive information and sales transaction data is of critical importance. Tim Horton of First Data explains the concept of "devaluing" data so it's worthless in the event of a breach.

Fraud Management & Cybercrime

EMV 3D Secure: Upcoming Milestones

Tom Field • November 13, 2019

The EMV 3D Secure specification faces some milestone dates in Europe and the U.S. What are these milestones, and how does the standard fit into fundamental fraud defenses? Jackie Hersch of Fiserv shares insight.

Governance

Microsoft Will Apply California's Privacy Law Nationwide

Jeremy Kirk • November 12, 2019

Microsoft will apply the core rights of the California Consumer Privacy Act across all its customers in the U.S., which could nudge other technology companies in the same direction as online privacy becomes an increasing concern. The move is significant in that the technology industry has lobbied against parts of the...

General Data Protection Regulation (GDPR)

Take Two: Why Organizations Are Reviewing GDPR Efforts

Mathew J. Schwartz • November 11, 2019

The EU's General Data Protection Regulation rewrote the rules of the data privacy and breach notification game when it went into full effect last year. Now, however, numerous organizations are revisiting and refining their GDPR compliance efforts around preparation and remediation, says PwC's Polly Ralph.

General Data Protection Regulation (GDPR)

Privacy Nirvana: Some Assembly Still Required

Mathew J. Schwartz • November 11, 2019

Data privacy discussions must focus not just on collecting, storing and securing data, but also the impetus for doing so - and whether it is being done in an ethical manner, says consultant Thom Lagford, a former CISO, who addresses GDPR compliance issues.

Application Security

Apple and Google Stop Distributing ToTok Messaging App

Mathew J. Schwartz • December 24, 2019

Apple and Google have stopped distributing a popular messaging app marketed to English and Arabic speakers called ToTok. The New York Times has reported that U.S. intelligence agencies believe ToTok was developed by the United Arab Emirates government to spy on its citizens. The government bans rival offerings.

Finance & Banking

Is AI The Ultimate Weapon in The Fight Against Financial Crime?

Gareth Evans • December 20, 2019

No matter how good the lock on your door, sooner or later someone can break in. When they do, how do you monitor them?

Finance & Banking

Cyber Ground Truth in the Financial Sector

Information Security Media Group • December 18, 2019

3rd Party Risk Management

Reflections on Cloud Strategies & Security

Information Security Media Group • December 12, 2019

How does one make cloud a prominent part of enterprise security strategy? Is the cloud inherently more secure than on-prem? These were among the discussion points of a recent Dallas executive roundtable. Alex Pitigoi of Nominet shares her takeaways from the event.