Welcome to ISMG's GDPR Resource Center!

The EU revamped its vaunted data protection and privacy laws with the 2016 passage of the General Data Protection Regulation. GDPR enforcement went into full effect on May 25, 2018, and any organization that stores Europeans’ personal data must comply.

Supposed details of the Dave hack posted by a cybercrime forum user who goes by "Sheep" (Source: Cyble)

Analysis: The Hacking of Mobile Banking App Dave

Nick Holland • July 31, 2020

The latest edition of the ISMG Security Report analyzes the hacking of Dave, a mobile banking app. Plus: Sizing up the impact of GDPR after two years of enforcement and an assessment of IIoT vulnerabilities.

Breach Notification

Enhancing Approval Rates: Best Practices In An Accelerated eCommerce Environment

Cybercrime

Yet Again, Vulnerabilities Found in a Router

COVID-19

Analysis: Monitoring the Risks Posed by Remote Workers

Governance & Risk Management

CCPA Enforcement: What to Expect Now

Latest

Business Continuity Management / Disaster Recovery

Backing Up Data: How to Prepare for Disaster

Jeremy Kirk • May 15, 2020

If an organization fails to stop a ransomware attack, how does it recover the data? Backups, of course, are essential. But Peter Marelas of Dell Technologies says organizations should have a well-developed strategy for backups because attackers are increasingly targeting those systems as well.

Account Takeover

Analysis: The Contact-Tracing Conundrum

Nick Holland • May 8, 2020

The latest edition of the ISMG Security Report analyzes the many challenges involved in developing and implementing contact-tracing apps to help in the battle against COVID-19. Also featured: A discussion of emerging privacy issues and a report on why account takeover fraud losses are growing.

COVID-19

Employee Surveillance: Who's the Boss(ware)?

Mathew J. Schwartz • July 8, 2020

With so many employees working from home during the COVID-19 pandemic, vendors of time-tracking and productivity-monitoring software report surging interest in their wares. Regardless of whether organizations deploy light-touch or more Big Brother types of approaches, beware potential privacy repercussions.

Critical Infrastructure Security

Detecting Network Security Incidents

Anna Delaney • July 3, 2020

Rossella Mattioli, a network and information security expert at ENISA, the European Union Agency for Cybersecurity, discusses a new report offering insights on detecting network security incidents.

Identity & Access Management

OnDemand | Secure & Streamline Workforce and Customer Experiences

Information Security Media Group , • July 1, 2020

View this panel discussion about deployment strategies and real case studies surrounding identity modernization initiatives.

Business Continuity Management / Disaster Recovery

OnDemand | Strategies to Mitigate Cyberattack Risk in the 'New Normal'

Information Security Media Group , • June 29, 2020

View this webinar to learn strategies to mitigate cyberattack risk in the 'new normal' and what you can do to continue to stay ahead of the curve.

General Data Protection Regulation (GDPR)

French Court Upholds $56 Million Google GDPR Fine

Doug Olenick • June 22, 2020

France's top court has upheld a $56 million fine against Google for violating the EU's General Data Protection Regulation with its advertising personalization model that lacked adequate user consent measures. The fine is the biggest yet for a GDPR privacy policy violation.

General Data Protection Regulation (GDPR)

Big GDPR Fines in UK and Ireland: What's the Holdup?

Mathew J. Schwartz • June 1, 2020

The EU's General Data Protection Regulation was meant to finally bring in line organizations that didn't treat Europeans' personal data with respect. But two years after the regulation went into full effect, why have both the U.K. and Ireland each issued only one final GDPR fine to date?

Breach Notification

UK Data Breach Reports Decline

Mathew J. Schwartz • May 25, 2020

Britain's privacy watchdog reports it received 19% fewer data breach notifications in the first quarter than in the same period last year. While the decline may be attributed to more organizations better understanding when to report breaches, other countries have seen an increase in breach reports.

Application Security

Apple, Google Release Contact-Tracing APIs for COVID-19

Jeremy Kirk • May 21, 2020

Apple and Google have released new APIs designed to support contact-tracing apps being developed by governments to help combat the COVID-19 pandemic. Already at least three U.S. states and 22 countries have expressed interest in using the APIs to build their apps.

Governance & Risk Management

Remote Workforce Security - the Long Game

Information Security Media Group • May 21, 2020

"Risk acceptance" was the operative term as organizations quickly deployed remote workforces in response to the global crisis. But now, as this deployment becomes a long-term option, enterprises need to take a future-focused view toward identity, cloud, and the attack surface. Forcepoint's Homayun Yaqub offers tips.

Breach Notification

EasyJet Data Breach Exposes 9 Million Customers' Details

Mathew J. Schwartz • May 19, 2020

European budget airline EasyJet says it suffered a data breach that exposed 9 million customers' personal details. While no passport details were exposed, the company's ongoing investigation has also found that attackers "accessed" a small number - just 2,208 - of customers' payment card details.