Compliance News, Articles and Updates

GDPR - Are you perhaps thinking "What's all the fuss about?"

Ignoring GDPR is not an option. Richard Menear notes how history has shown us that the regulators will be looking for a few companies where they can impose a big fine to set an example for the rest of the industry.

100% of breached PCI certified companies failed PCI compliance audit

PCI DSS compliance doesn't guarantee security, but half of PCI certified companies aren't compliant, which does indicate vulnerability to cyber-attack. "It's not a project, it's a programme - something you need to maintain."

Human rights organisations declare EU-US privacy shield invalid

US surveillance practices render EU-US Privacy Shield ineffective according to a recent letter from Amnesty International and Human Rights Watch.

Interview: Abeer Khedr, InfoSec director at National Bank of Egypt

Abeer Khedr has been the Information Security Director at National Bank of Egypt (NBE) since 2010. Since its birth in 1898 with a capital of £1 million, NBE is regarded as one of the oldest and most respected commercial banks in Egypt. SC's Ali Taherian caught up with Khedr to talk about some of the specific problems and solutions she deals with day to day.

Lords EU committee: no "clean break" when it comes to data protection

A new report from the House of Lords maps the data protection landscape post Brexit, and offers several warnings.

Getting to grips with your data in the face of the EU GDPR

Richard Whomes looks at how companies must ensure that they can access and view data across the entire IT estate, to comply with the EU GDPR.

ICO sets out international vision and route to GDPR compliance

The ICO has released its international strategy, plotting its plans for Brexit and GDPR compliance.

Don't fear GDPR - it's the key to create a culture of secure IT

Gordon Morrison discusses how GDPR is a once in a lifetime opportunity to overhaul cyber processes.

As SME games company is fined 60k, ICO promises that none will be spared

A Northamptonshire games company has been fined as an example that any company, big or small, that breaks the rules will be dealt with accordingly, says the ICO.

ICO fines grocers Morrisons for sending unwanted emails to customers

The Information Commissioner's Office (ICO) has run an investigation and concluded that Morrisons intentionally sent thousands of marketing emails to its card members.

Regs slam electoral office after data theft of ALL Hong Kong voters

The Hong Kong electoral commission has been criticised by privacy regulators after two laptops were stolen containing the information of all of Hong Kong's voters.

UK far behind other European countries in regard to GDPR compliance

British businesses are the most unprepared for GDPR compliance, according to new findings from Sophos.

Struggle is real: UK businesses unprepared for cyber-attack response

Businesses in the UK are struggling to face the looming threat of cyber-attacks, with nearly a third of C-level executives admitting they don't have a response plan - or don't even know whether or not they have one.

InfoSec 2017: Can you purchase your way to GDPR compliance?

In a room full of people selling boxes to help with GDPR compliance, SC was told there is no box that can make you GDPR compliant.

Sharp rise in ICO fines and enforcement notices as GDPR races closer

The UK data protection regulator doubled the total value of fines it issued in 2016 while enforcement notices grew by 155 percent.

UK Government to ask for anti-encryption powers post-Manchester attack

The UK government is expected to ask for encryption defeating powers in the wake of last week's deadly terrorist attack in Manchester.

US DoJ asks Congress for power to serve international data warrants

The Department of Justice is asking the US Congress to pass a law which would allow it to make reciprocal agreements with foreign governments to issue warrants to seize data in other countries.

GDPR: An opportunity for change, rather than just a compliance burden

Nick Taylor discusses what GDPR mandates businesses to do and the challenges they face in complying.

Deadline looms for GDPR compliance - one year to go for enforcement

A year today - May 25th 2018 - the EU's new General Data Protection Regulation (GDPR) will end its honeymoon period and be enforced - potentially harshly.

Won't someone think of the children? GDPR 'ambiguous' over children

A children's rights expert has called out the GDPR for its lack of clarity over the protection of children's data.

FTSE 100 could face billions in fines for GDPR non-compliance

New research has shown what the true cost of non-compliance could be for large companies under the GDPR.

Data 'dark arts' prompts ICO to investigate campaigning practices

The Information Commissioner's Office have opened an investigation into the use of data in political campaigning after new revelations about practices within the EU Referendum Leave campaign.

UK consumers have lost trust in businesses that mishandle data

Two-thirds of the UK public have lost trust in or even boycotted businesses that mishandle data.

US and Europe more prepared for fast-approaching GDPR than the UK

Despite the General Data Protection Regulation (GDPR) coming into effect 12 months from now, the majority of European and US businesses are still inadequately prepared and at risk of incurring costly non-compliance fines.

Facebook handed French fines as European regs pile on the punishment

Facebook has been smacked across the face with the largest fine possible in France, and other European regulators are lining up to get their pound of flesh.

UK financial services firms must do better to protect customer data

The growing cyber-threat landscape makes protecting sensitive customer and company information vital, and it will only increase with GDPR coming next May.

UK consumers have concerns about personal data in the hands of brands

With two-thirds (67 percent) of UK consumers concerned about how brands use their personal information, brands face a growing battle to offer personalised services online.

SC Roundtable: Ensure you can respond within 72 hours of a breach by acting now

SC's April roundtable brought together industry professionals to talk about the advent of the GDPR and how to be ready to identify and report those breaches.

Information Commissioner notes confusion over 'Consent' in GDPR

The UK's data protection watchdog has noted a great deal of confusion around the concept of 'Consent' drawn out in landmark European regulation set to hit Britain's shores next year.

US Regulator orders security companies to stop misrepresenting themselves

A US consumer protection regulator has ordered three security companies to stop misrepresenting themselves as participants in a major US-Asia privacy agreement.