The push for data privacy has exploded in recent years, with regulations such as the EU’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) leading the charge. This means consumers around the globe are gaining rights regarding how their data is collected, stored, processed and sold, as well as more ways to hold companies accountable when poor data security practices lead to data breaches involving personally identifiable information (PII).

Deploying software and hoping it’s “safe enough” isn’t a measurable security strategy. It’s certainly not something that’s going to bode well when the time comes to disclose processes and practices for managing cybersecurity risks.

There are a variety of cybersecurity regulations in Europe, including the ePrivacy Directive, which focuses on enhancing data protection, processing personal data, and privacy in the digital age. This Directive, recently updated with the ePrivacy regulation, continues the European Union’s ongoing efforts to create cohesive and comprehensive European data protection and cybersecurity standards across all member states.

Numerous U.S.-based companies that operate online have customers from the European Union (EU) or other parts of the European Economic Area (EEA). If your business engages with these customers, it is subject to the EU’s General Data Protection Regulation (GDPR). This extensive data privacy regulation has an impact on many U.S. entities due to its extraterritorial reach.

The Digital Operational Resilience Act (DORA) is a piece of legislation in the EU (Regulation (EU) 2022/2554) that aims to enhance the operational resilience of the financial sector.

It seems everyone is concerned about cybersecurity these days, and the investor community is no different. Shareholders are reading the headlines—ransomware attacks, data breaches, infrastructure disruptions—and they are wondering how these incidents could impact the companies that they invest in. Shareholders are about to get a lot more information from companies in the months ahead. In July 2023, the U.S.

After years of debates, discussions, and negotiation delays, the Central Government of India published its Digital Personal Data Protection Act, 2023 (DPDP) on August 11, 2023. In its last week before being enacted, the Act rapidly passed throughout both houses of Parliament and was ascended into publication by President Droupadi Murmu. India is the 19th country within the Group of 20 (G20) to pass a comprehensive data protection law.

In the face of increasingly impactful malicious attacks, governments of leading economies have turned their attention to the software supply chain security. Regulations like the EU’s Digital Operational Resilience Act (DORA) for financial institutions and the Cyber Resilience Act (CRA) for software and hardware providers Australia’s 2023-2030 cybersecurity strategy, and the U.S.

In an era where digital innovation has become the lifeblood of businesses, cybersecurity has taken center stage in the corporate world. The Australian Prudential Regulation Authority (APRA) recognized this need and introduced CPS 234, a regulation that puts cybersecurity at the forefront of APRA-regulated entities. APRA is currently conducting an independent tripartite cyber assessment of compliance with CPS234, which took effect in 2019.

Today’s edition of GRC Newsflash features our Compliance Specialist Frank Kyazze, and covers Risk Updates from the SEC announced on July 26, 2023.