The GDPR compliance has the most rigorous privacy policies and security laws. It’s origin is in the EU. However, every cloud-hosted company has to comply with it to conduct business with EU citizens.

When asked why he robbed banks, Willie Sutton, one of the first fugitives named to the U.S. FBI’s most wanted list, reportedly replied, “Because that’s where the money is.” As any infosec professional working for a financial institution can tell you, loads of cybercriminals will likely agree with that sentiment. Banks and similar organizations are no stranger to cyber threats.

With the advent of the Digital Personal Data Protection Act (DPDP Act) in 2023, India has taken a significant step towards safeguarding the rights of individuals, termed as ‘Data Principals’, over their personal data. This blog post aims to shed light on the rights and protections offered to Data Principals under the DPDP Act, a landmark legislation that is reshaping the landscape of data privacy in India.

In the dynamic realm of data protection, understanding the consequences of non-compliance is crucial. The Digital Personal Data Protection (DPDP) Act of 2023 has set forth stringent penalties for those who fail to adhere to its provisions. We’ve delved into this new act in our series of blog posts.

With many nuances to consider, adhering to the General Data Protection Regulation (GDPR) requirements can be a daunting task. After all, the entirety of the GDPR consists of a whopping 99 Articles. Fortunately, by following a GDPR security checklist, you can help your organization ensure that all required facets of data security are covered without sifting through pages and pages of legalese.

Jeremy King is a partner at Olshan Frome Wolosky. He wrote an article for Bloomberg where he analyzed cyber risk management issues that companies should prioritize in response to new SEC reporting requirements for cybersecurity incidents and threats. Here is a quick summary and I suggest you send the link to your InfoSec budget holder so that they can assess the importance. Ransomware is a big deal these days.

Do you remember where you were on 25th May 2018? Perhaps you were enjoying a Friday night drink with friends. Perhaps you were with family, relaxing after a busy week at work. I was actually having a GDPR Birthday party with friends and colleagues because 25th May 2018 was a landmark day for the world of Data Protection (yes, seriously, we had a party!). But the funny thing about the effective date of the then-new General Data Protection Regulation (GDPR) was that many saw it as a date to dread.

The push for data privacy has exploded in recent years, with regulations such as the EU’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) leading the charge. This means consumers around the globe are gaining rights regarding how their data is collected, stored, processed and sold, as well as more ways to hold companies accountable when poor data security practices lead to data breaches involving personally identifiable information (PII).

Deploying software and hoping it’s “safe enough” isn’t a measurable security strategy. It’s certainly not something that’s going to bode well when the time comes to disclose processes and practices for managing cybersecurity risks.

There are a variety of cybersecurity regulations in Europe, including the ePrivacy Directive, which focuses on enhancing data protection, processing personal data, and privacy in the digital age. This Directive, recently updated with the ePrivacy regulation, continues the European Union’s ongoing efforts to create cohesive and comprehensive European data protection and cybersecurity standards across all member states.