Data protection regulators have issues €114 million in fines so far under the 2018 General Data Protection Regulation. The latest findings from DLA Piper found that over 160,000 data breach notifications have been reported across the European Union since the regulation came into effect on May 25, 2018. Geographically speaking, fines were the highest in France (€51m), Germany (€24.5m) and Austria (€18m).

The New York Stop Hacks and Improve Electronic Data Security Act (SHIELD Act) or Senate Bill 5575, was enacted on July 25, 2019 as an amendment to the New York State Information Security Breach and Notification Act. The law goes into effect on March 21, 2020. The motivation behind the SHIELD Act is to update New York's data breach notification law to keep pace with current technology.

The NIS Directive is the first EU horizontal legislation addressing cybersecurity challenges and a true game-changer for cybersecurity resilience and cooperation in Europe. The Directive has three main objectives. The NIS Directive is the cornerstone of the EU’s response to the growing cyber threats and challenges which are accompanying the digitalization of our economic and societal life.

In the first part of this series, I explained what is DSAR and why the organizations should care about it. Now, let’s take a look at how the process can be perceived by the customers. Our recent GDPR benchmark research shows that the road can be tortuous.

The Federal Information Security Management Act of 2002 (FISMA) is a United States federal law that defines a comprehensive framework to protect government information, operations and assets against natural and manmade threats. FISMA was enacted as part of the E-Government Act of 2002.

Dr. Maxine Henry, one of Reciprocity’s renowned GRC experts, led a webinar on the California Consumer Protection Act (CCPA). This sweeping legislation creates data privacy rights for covered consumers—which means it also imposes obligations on businesses to safeguard personal information. Before implementation on January 1, 2020, Dr. Henry discusses how to prepare.

CCPA is the latest regulation which should be a concern for all companies with California residents in their databases. There are less than 90 days left to be ready to comply with CCPA, on top of the other regulations.

In January, I’ll start a new game: ask a company to retrieve all the information they have about me in less than 45 days. One of the requirements of CCPA, is to be able to reply to a customer request to have access to all the data you have about them in less than 45 days. These are called the Verifiable Customer Requests. You may be able to complete 10, 20 replies. But what if you received 10 every day? What does it take to keep your customers happy and being compliant?

In the digital age, more often than not, you can be sure that some enterprise has hold of your personal information. This information could be your name, email, phone number, IP address, country and other details. This can come from submitting a form, subscribing to a newsletter, accepting cookies, accepting the privacy policy or terms and conditions when creating an account or downloading software.

GDPR is a landmark in privacy jurisdiction. Through its 99 articles, it sets a framework for both businesses and individuals on their rights and responsibilities when it comes to protecting privacy. The most important element in my opinion is that privacy functions a fundamental human right and needs to be protected.