Welcome to ISMG's GDPR Resource Center!

The EU revamped its vaunted data protection and privacy laws with the 2016 passage of the General Data Protection Regulation. GDPR enforcement went into full effect on May 25, 2018, and any organization that stores Europeans’ personal data must comply.

Analysis: Monitoring the Risks Posed by Remote Workers

Nick Holland • July 10, 2020

The latest edition of the ISMG Security Report analyzes the surge in the use of employee monitoring tools for the increasingly remote workforce. Also featured: Discussions about IoT security guidelines and CCPA compliance requirements.

►

Governance & Risk Management

Big GDPR Fines in UK and Ireland: What's the Holdup?

Latest

Business Continuity Management / Disaster Recovery

Backing Up Data: How to Prepare for Disaster

Jeremy Kirk • May 15, 2020

If an organization fails to stop a ransomware attack, how does it recover the data? Backups, of course, are essential. But Peter Marelas of Dell Technologies says organizations should have a well-developed strategy for backups because attackers are increasingly targeting those systems as well.

Account Takeover

Analysis: The Contact-Tracing Conundrum

Nick Holland • May 8, 2020

The latest edition of the ISMG Security Report analyzes the many challenges involved in developing and implementing contact-tracing apps to help in the battle against COVID-19. Also featured: A discussion of emerging privacy issues and a report on why account takeover fraud losses are growing.

COVID-19

Analysis: COVID-19 Contact-Tracing Privacy Issues

Nick Holland • April 24, 2020

The latest edition of the ISMG Security Report analyzes the privacy issues raised by COVID-19 contact-tracing apps. Also featured: An update on efforts to fight fraud tied to economic stimulus payments; John Kindervag on the origins of "zero trust."

3rd Party Risk Management

Third-Party Risk Management: How to Grow a Mature Program

Information Security Media Group • April 7, 2020

Enterprises globally recognize the challenge of third-party cyber risk, but they still struggle with the risk management. Dave Stapleton of CyberGRX discusses the elements of a mature program, including the role of risk ratings.

Breach Notification

Morrisons Not Liable for Breach Caused by Rogue Employee

Mathew J. Schwartz • April 2, 2020

Supermarket giant Morrisons is not liable for a data breach caused by a rogue employee, Britain's Supreme Court has ruled, bringing to a close the long-running case - the first in the country to have been filed by data breach victims.

Breach Notification

UK Data Breach Reports Decline

Mathew J. Schwartz • May 25, 2020

Britain's privacy watchdog reports it received 19% fewer data breach notifications in the first quarter than in the same period last year. While the decline may be attributed to more organizations better understanding when to report breaches, other countries have seen an increase in breach reports.

Application Security

Apple, Google Release Contact-Tracing APIs for COVID-19

Jeremy Kirk • May 21, 2020

Apple and Google have released new APIs designed to support contact-tracing apps being developed by governments to help combat the COVID-19 pandemic. Already at least three U.S. states and 22 countries have expressed interest in using the APIs to build their apps.

Governance & Risk Management

Remote Workforce Security - the Long Game

Information Security Media Group • May 21, 2020

"Risk acceptance" was the operative term as organizations quickly deployed remote workforces in response to the global crisis. But now, as this deployment becomes a long-term option, enterprises need to take a future-focused view toward identity, cloud, and the attack surface. Forcepoint's Homayun Yaqub offers tips.

Breach Notification

EasyJet Data Breach Exposes 9 Million Customers' Details

Mathew J. Schwartz • May 19, 2020

European budget airline EasyJet says it suffered a data breach that exposed 9 million customers' personal details. While no passport details were exposed, the company's ongoing investigation has also found that attackers "accessed" a small number - just 2,208 - of customers' payment card details.

Application Security

AST as the Key to DevSecOps Maturity

Information Security Media Group • May 15, 2020

DevSecOps is in its "awkward teenage years," says Matthew Rose of Checkmarx. But with new tooling and automation - particularly application security testing tools - he sees the practice maturing quickly and delivering improved outcomes.

Application Security

Zero Trust: 3 Critical Considerations

Tom Field • May 4, 2020

Done right, a zero trust architecture can reduce the complexity of one's environment while also improving cybersecurity protection and efficiency. Bob Reny of ForeScout focuses on three critical considerations: visibility, compliance and control.