All data protection regulation related articles
Data protection legislation is seen as a way for governments to take back control over data security, which has suffered critical hits in recent years, with major breaches making headlines on a weekly basis. Regulations are a natural reaction to these real-world threats that companies seem powerless to stop. Governments hope that through the enforcement of tougher data protection policies, companies unwilling to take extra measures to ensure data protection will be brought to higher overall standards.
While this goal in itself seems necessary given recent developments, how will this new legislation translate into the business world, and how will it affect business growth and the push for innovation? There is a marked concern in business circles that cumbersome, overly restrictive data protection regulations, such as the EU’s General Data Protection Regulation (GDPR)…
The EU’s new General Data Protection Regulation (GDPR) is coming into effect on 25 May 2018 and will have wide-ranging consequences on a global scale, affecting all businesses that trade with the European Union, from within or outside its borders. From among non-EU countries, US businesses in particular have been actively taking steps to ensure that they comply with the new regulation.
With the United States having a number of regulations in place for data protection itself, does that mean companies already compliant with national regulations will find it easier to adjust to GDPR requirements? Let’s have a look at data protection regulations on both sides of the Atlantic to find out.
The European Union under the GDPR
The most important and talked about change in data protection regulation in Europe in the last twenty years, the GDPR has set off a race for compliance among companies…
With 2017 coming to an end, the clock is ticking closer to the implementation of the EU’s new General Data Protection Regulation (GDPR) on May 25th 2018. While interest in issues of compliance surrounding the dreaded new legislation has soared in recent months, a great number of companies have yet to take concrete measures to ensure their businesses are up to the new standards before the deadline.
So what does it take to start your journey to compliance? Here is a short compliance check to get you started!
Whether your company is located within the European Union or outside it, you are required to comply with all requirements of the GDPR if any of your customers are EU data subjects. You must also bear in mind that the GDPR restricts cross-border data transfer outside the EU. For free data flow to occur cross-border, a third country must be deemed to have an adequate level of data protection…
The enforcement of the EU General Data Protection Regulation (GDPR) is less than ten months away, and companies across the EU and international businesses with European customers are already taking steps to achieve compliance. While some are still bewildered by its legal jargon, many tech companies and news outlets have come to the rescue, providing extensive guides and infographics to help businesses understand what GDPR is, what its requirements mean for everyday company operations and how they can get started on the road to compliance. We, at Endpoint Protector, have also put together a handy guide and an informational video about GDPR compliance.
In short, the GDPR is the most notable change in data privacy regulation in Europe in the last 20 years and its purpose is to protect EU citizens’ private data, solidifying their right to demand that data controllers and processors delete,…
Last year, New York became the first state to propose cybersecurity regulations for financial organisations. This year, on March 1st, the New York Department of Financial Services (NYDFS) Cybersecurity Requirements came into effect.
This new regulation requires financial institutions such as banks, insurance companies, and others to establish and maintain cybersecurity programs in order to protect consumers’ private data. Financial organisations have a 180-day transition period to enhance their infosec implementation in order to protect their Information Systems and Nonpublic Information (NPI). By August 28, 2017, they must have a cybersecurity program in place, and starting February 15, 2018, they must be able to demonstrate they are compliant by submitting annual Certifications of Compliance.
What is the Information…
Financial institutions often deal with data breaches due to the huge value financial records hold for external attackers or malicious insiders. A data security incident in financial organizations can have multiple negative ramifications for both the organization and the owners of the leaked data.
Last year a series of data breaches occurred in the financial sector: Citizens Bank, Nationstar Mortgage, Central Bank of Russia, TD Bank, Bangladesh Bank, and many others. One of the major causes was the significant rise of phishing attacks, especially CEO spear phishing, resulting in the breach of confidential data, including PII, dates of birth, home addresses, e-mail addresses, credit card numbers, social security numbers, etc.
According to pcicomplianceguide.org, the Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards…
There is still time until 2018, but have you sketched a game plan yet? The General Data Protection Regulation (GDPR) makes a big statement about individuals’ private data and their right to request data controllers and processors to delete, correct, and forward their data. In consequence, GDPR comes with significant changes compared to the Data Protection Directive 95/46/EC, involving operational changes in organizations. So, if you haven’t started to prepare for the new regulation, you had better start today.
Let’s see what the game plan would look like in order to maximize your chances of getting to the finish line without spending too many resources.
1. Make sure key people are aware of the changes
Chief Security Officers, IT Managers, CEOs, business unit managers, etc. have to be informed of the legal changes the GDPR imposes and should make sure they translate them into plain,…
Depending on your specific industry and geographic location, there are several rules and regulations on data protection your company has to comply with. This is nothing new, as PCI, SOX, GLBA, PIPEDA, Basel II or HIPAA compliance have been around for some time. The Data Protection Directive (aka Directive 95/46/EC) is also nothing new, as it was adopted by the European Union in 1995. Unlike a Directive that needs national legislation to implement, a Regulation will span across all EU member states. It applies to small and medium companies just like it does for multinationals. It also applies to any company that has information about any European citizen, so anybody that is doing business within the EU will have to comply with it.
Let’s take a look at some of the other changes the upcoming regulation will bring and find out why we shouldn’t fear it.
A lot has changed since 1995 so why not the…