Compliance News, Articles and Updates

Confusion reigns as GDPR deadline looms - but it's not too late to act

There is a general lack of understanding amongst IT professionals regarding exactly what they need to change in everyday processes to achieve regulatory compliance under GDPR.

Implementing the Network & Information Security directive - be prepared

There is enough information now available from the NCSC to allow organisations to start identifying the gaps in their NIS directive approach and understand the risks these pose.

PCI DSS 2018: What does the future hold?

The vision is that Card Not Present transactions will be increasingly deflected onto other payment channels, completely bypassing the use of card numbers at the website/call centre.

Coding protection directly into your data

Data breaches often stem from poorly-managed records. By encoding critical information about the records into the files themselves, companies can create a platform for security, efficiency and cost management.

The minimum you need to do before GDPR goes live: 4 stages to compliance

GDPR: It's important to put data intelligence tools in place that will allow you not only to conduct an audit of the data you have collected in the past but also to address compliance in the future, says Rob Perry.

Regulatory compliance: Are small-to-medium sized businesses ready?

SMBs in the UK with operations or supply chain in the EU need to focus their attention on GDPR and security posture; there is a level of scrutiny around data management that many SMBs are unlikely to have experienced before.

Data protection - are you seeing the big picture? Or swamped in minutiae?

Focus on the big picture of what GDPR and the DPB are trying to achieve, and not the minutiae of a document, advises Marco Dos Santos.

Before chewing through Compliance, nibble the Critical Security Controls

Unlike compliance mandates, the Center for Internet Security's Critical Security Controls enable you to easily see where holes exist in your current security armoury before you engage external expertise, says Mark Kedgley.

IP Expo: GDPR - "All of us will carry a quantum of illegality"

GDPR is built on the assumption that people are better prepared than they are, so we will fail to comply, therefore take a risk-based approach and focus on the things that matter.

Cracking the GDPR compliance conundrum in local government

Before you start looking at GDPR you need to understand what PII data you have, where it is, who has access, who it is shared with, and ultimately how you can best manage it according to GDPR requirements, says Julian Cook.

Managing data security in a multi-cloud environment: control & compliance

As organisations continue to embrace the benefits offered by diverse multi-cloud environments, it's essential that they're aware of how best to achieve both compliance and control, says Peter Galvin.

GDPR - Are you perhaps thinking "What's all the fuss about?"

Ignoring GDPR is not an option. Richard Menear notes how history has shown us that the regulators will be looking for a few companies on which they can impose a big fine to set an example for the rest of the industry.

100% of breached PCI certified companies failed PCI compliance audit

PCI DSS compliance doesn't guarantee security, but half of PCI certified companies aren't compliant, which does indicate vulnerability to cyber-attack. "It's not a project, it's a programme - something you need to maintain."

Human rights organisations declare EU-US privacy shield invalid

US surveillance practices render EU-US Privacy Shield ineffective according to a recent letter from Amnesty International and Human Rights Watch.

Interview: Abeer Khedr, InfoSec director at National Bank of Egypt

Abeer Khedr has been the Information Security Director at National Bank of Egypt (NBE) since 2010. Since its birth in 1898 with a capital of £1 million, NBE is regarded as one of the oldest and most respected commercial banks in Egypt. SC's Ali Taherian caught up with Khedr to talk about some of the specific problems and solutions she deals with day to day.

Lords EU committee: no "clean break" when it comes to data protection

A new report from the House of Lords maps the data protection landscape post Brexit, and offers several warnings.

Getting to grips with your data in the face of the EU GDPR

Richard Whomes looks at how companies must ensure that they can access and view data across the entire IT estate, to comply with the EU GDPR.

ICO sets out international vision and route to GDPR compliance

The ICO has released its international strategy, plotting its plans for Brexit and GDPR compliance.

Don't fear GDPR - it's the key to create a culture of secure IT

Gordon Morrison discusses how GDPR is a once in a lifetime opportunity to overhaul cyber processes.

As an SME games company is fined 60k, ICO promises that none will be spared

A Northamptonshire games company has been fined, as an example that anyone, big or small, who breaks the rules will be dealt with accordingly, says the ICO.

ICO fines grocers Morrisons for sending unwanted emails to customers

The Information Commissioner's Office (ICO) has run an investigation and concluded that Morrisons intentionally sent thousands of marketing emails to its card members.

Regs slam electoral office after data theft of ALL Hong Kong voters

The Hong Kong electoral commission has been criticised by privacy regulators after two laptops were stolen containing the information of all of Hong Kong's voters.

UK far behind other European countries in regard to GDPR compliance

British businesses are the most unprepared for GDPR compliance, according to new findings from Sophos.

Struggle is real: UK businesses unprepared for cyber-attack response

Businesses in the UK are struggling to face the looming threat of cyber-attacks, with nearly a third of C-level executives admitting they don't have a response plan - or don't even know whether or not they have one.

InfoSec 2017: Can you purchase your way to GDPR compliance?

In a room full of people selling boxes to help with GDPR compliance, SC was told there is no box that can make you GDPR compliant.

Sharp rise in ICO fines and enforcement notices as GDPR races closer

The UK data protection regulator doubled the total value of fines it issued in 2016 while enforcement notices grew by 155 percent.

UK Government to ask for anti-encryption powers post-Manchester attack

The UK government is expected to ask for encryption defeating powers in the wake of last week's deadly terrorist attack in Manchester.

US DoJ asks Congress for power to serve international data warrants

The Department of Justice is asking the US Congress to pass a law which would allow it to make reciprocal agreements with foreign governments to issue warrants to seize data in other countries.

GDPR: An opportunity for change, rather than just a compliance burden

Nick Taylor discusses what GDPR mandates businesses to do and the challenges they face in complying.

Deadline looms for GDPR compliance - one year to go for enforcement

A year today - May 25th 2018 - the EU's new General Data Protection Regulation (GDPR) will end its honeymoon period and be enforced - potentially harshly.