Tag: GDPR

AI Compliance Tools: What to Look For FireTail Blog

Jan 30, 2026 8:42 PM

Tags: ai, antivirus, api, attack, automation, backdoor, business, cloud, compliance, control, credit-card, data, defense, email, finance, framework, GDPR, governance, grc, guide, identity, injection, intelligence, jobs, LLM, login, malicious, mitre, network, nist, okta, remote-code-execution, risk, risk-management, siem, software, threat, tool, training, unauthorized, vulnerability

Jan 30, 2026 – Alan Fagan – Quick Facts: AI Compliance ToolsManual tracking often falls short: Spreadsheets cannot track the millions of API calls and prompts generated by modern AI systems.Real-time is required: The best AI compliance tools monitor live traffic, not just static policy documents.Framework mapping matters: Firetail automatically maps activity to the OWASP…
France Fines National Employment Agency Euro5m Over 2024 Data Breach

Jan 29, 2026 6:25 PM

Tags: breach, data, data-breach, GDPR

The French data protection regulator said that France Travail’s response to a 2024 data breach violated GDPR First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/france-finesemployment-agency-5m/
Europe’s GDPR cops dished out Euro1.2B in fines last year as data breaches piled up

Jan 22, 2026 4:30 PM

Tags: breach, data, data-breach, GDPR, law

Regulators logged over 400 personal data breach notifications a day for first time since law came into force First seen on theregister.com Jump to article: www.theregister.com/2026/01/22/europes_gdpr_cops_dished_out/
Over 160,000 Companies Notify Regulators of GDPR Breaches

Jan 22, 2026 12:30 PM

Tags: breach, GDPR

DLA Piper finds 22% increase in breached firms notifying European GDPR regulators First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/160000-companies-regulator-gdpr/
Securing the Future: Practical Approaches to Digital Sovereignty in Google Workspace

Jan 22, 2026 9:30 AM

Tags: access, attack, ciso, cloud, compliance, computing, container, control, data, defense, dora, email, encryption, GDPR, google, Hardware, healthcare, identity, infrastructure, law, malware, network, privacy, regulation, resilience, risk, service, software, strategy, zero-trust

Securing the Future: Practical Approaches to Digital Sovereignty in Google Workspace madhav Thu, 01/22/2026 – 04:35 In today’s rapidly evolving digital landscape, data privacy and sovereignty have become top priorities for organizations worldwide. With the proliferation of cloud services and the tightening of global data protection regulations, security professionals face mounting pressure to ensure their…
For cyber risk assessments, frequency is essential

Jan 21, 2026 8:32 AM

Tags: access, authentication, backup, breach, ciso, cloud, compliance, cyber, cyberattack, cybersecurity, data, data-breach, exploit, framework, GDPR, infrastructure, mitigation, network, password, radius, ransomware, regulation, risk, risk-assessment, risk-management, strategy, tool, vulnerability

Identifying vulnerabilities: A cyber risk assessment helps to identify security gaps in a company’s IT infrastructure, networks, and systems. This provides the opportunity to eliminate these vulnerabilities before they can be exploited by cybercriminals.Prioritize risk management measures: Not every system is critical, and not all of a company’s data is equally important. The results of the risk…
France fines telcos Euro42M for sub-par security prior to 24M customer breach

Jan 14, 2026 7:11 PM

Tags: breach, control, GDPR

Three major GDPR violations, including a lack of basic security controls, lead to hefty dent in profits First seen on theregister.com Jump to article: www.theregister.com/2026/01/14/france_fines_free_free_mobile/
The 2 faces of AI: How emerging models empower and endanger cybersecurity

Jan 8, 2026 8:02 PM

Tags: ai, api, attack, compliance, credentials, cyber, cybersecurity, data, deep-fake, defense, detection, endpoint, espionage, exploit, finance, flaw, framework, GDPR, google, governance, government, group, guide, hacker, HIPAA, incident response, injection, intelligence, LLM, malicious, malware, mandiant, microsoft, network, PCI, penetration-testing, privacy, risk, russia, scam, security-incident, service, social-engineering, strategy, tactics, threat, tool, vulnerability, zero-day

Self-modifying, evasive malware More recently, the researchers at Google Threat Intelligence Group (GTIG) identified a disturbing new trend: malware that uses LLMs during execution to dynamically alter its own behavior and evade detection. This is not pre-generated code, this is code that adapts mid-execution.In June 2025, GTIG identified an experimental malware called PROMPTFLUX, which connects…
The 2 faces of AI: How emerging models empower and endanger cybersecurity

Jan 8, 2026 8:02 PM

Tags: ai, api, attack, compliance, credentials, cyber, cybersecurity, data, deep-fake, defense, detection, endpoint, espionage, exploit, finance, flaw, framework, GDPR, google, governance, government, group, guide, hacker, HIPAA, incident response, injection, intelligence, LLM, malicious, malware, mandiant, microsoft, network, PCI, penetration-testing, privacy, risk, russia, scam, security-incident, service, social-engineering, strategy, tactics, threat, tool, vulnerability, zero-day

Self-modifying, evasive malware More recently, the researchers at Google Threat Intelligence Group (GTIG) identified a disturbing new trend: malware that uses LLMs during execution to dynamically alter its own behavior and evade detection. This is not pre-generated code, this is code that adapts mid-execution.In June 2025, GTIG identified an experimental malware called PROMPTFLUX, which connects…
8 things CISOs can’t afford to get wrong in 2026

Jan 7, 2026 8:52 AM

Tags: access, advisory, ai, attack, automation, awareness, breach, business, ciso, cloud, communications, compliance, control, cyber, cyberattack, cybersecurity, data, data-breach, defense, dora, encryption, finance, firmware, GDPR, healthcare, identity, incident response, india, infrastructure, injection, insurance, intelligence, iot, jobs, law, malicious, monitoring, network, privacy, ransom, regulation, resilience, risk, saas, scam, service, software, strategy, supply-chain, tactics, technology, theft, threat, tool, training, update, vulnerability, zero-trust

“Identity and access controls for AI agents and AI platforms are one of the most important areas of concern for CISOs,” says Jason Stading, director at global technology research and advisory firm ISG. “Right now, permissions and access rights for AI are a black box in many areas. We will see a major push over…
Why outsourced cyber defenses create systemic risks

Dec 23, 2025 3:19 PM

Tags: access, ai, attack, backdoor, breach, business, ciso, cloud, compliance, corporate, cyber, cybercrime, cybersecurity, data, defense, detection, dora, exploit, finance, framework, GDPR, governance, government, hacker, healthcare, infrastructure, law, malicious, monitoring, moveIT, msp, nis-2, ransomware, regulation, resilience, risk, software, strategy, supply-chain, threat, tool, vulnerability, zero-trust

Risk categories of outsourced IT & cybersecurity: When you outsource, responsibility shifts, but accountability never leaves you. The risks fall into clear categories. Operational risks The most basic risk is fragile continuity. In 2017, British Airways outsourced parts of its IT operations. A system outage grounded flights worldwide. The vendor contract delivered savings, but it…
The innovative CISO’s bucket list: Human-led transformation at the core

Dec 18, 2025 11:19 PM

Tags: ai, application-security, breach, business, ciso, cloud, compliance, control, data, defense, GDPR, governance, group, privacy, regulation, resilience, risk, risk-management, threat, tool

Building a unified, integrated defense: The second major bucket list theme is breaking down the silos that perpetually plague security organizations. Application security (AppSec), cloud security (CloudSec) and governance, risk and compliance (GRC) groups all work from different spreadsheets and tools and often with different objectives. This model is inefficient, expensive and leaves massive gaps…
The innovative CISO’s bucket list: Human-led transformation at the core

Dec 18, 2025 11:19 PM

Tags: ai, application-security, breach, business, ciso, cloud, compliance, control, data, defense, GDPR, governance, group, privacy, regulation, resilience, risk, risk-management, threat, tool

Building a unified, integrated defense: The second major bucket list theme is breaking down the silos that perpetually plague security organizations. Application security (AppSec), cloud security (CloudSec) and governance, risk and compliance (GRC) groups all work from different spreadsheets and tools and often with different objectives. This model is inefficient, expensive and leaves massive gaps…
The innovative CISO’s bucket list: Human-led transformation at the core

Dec 18, 2025 11:19 PM

Tags: ai, application-security, breach, business, ciso, cloud, compliance, control, data, defense, GDPR, governance, group, privacy, regulation, resilience, risk, risk-management, threat, tool

Building a unified, integrated defense: The second major bucket list theme is breaking down the silos that perpetually plague security organizations. Application security (AppSec), cloud security (CloudSec) and governance, risk and compliance (GRC) groups all work from different spreadsheets and tools and often with different objectives. This model is inefficient, expensive and leaves massive gaps…
Empowering Security and Control: Thales CipherTrust Cloud Key Management Integrates with Oracle Fusion Cloud Services

Dec 11, 2025 1:32 PM

Tags: access, ai, automation, best-practice, business, cloud, compliance, computing, container, control, data, data-breach, encryption, finance, GDPR, governance, government, guide, healthcare, HIPAA, intelligence, network, oracle, PCI, resilience, risk, service, software, strategy, supply-chain, tool, zero-trust

Empowering Security and Control: Thales CipherTrust Cloud Key Management Integrates with Oracle Fusion Cloud Services madhav Thu, 12/11/2025 – 06:50 In a landscape where the safeguarding of sensitive information is paramount, the collaboration between Thales and Oracle Fusion Cloud Services helps create operational independence, data sovereignty, and uncompromising control for organizations worldwide. At Thales, our…
Empowering Security and Control: Thales CipherTrust Cloud Key Management Integrates with Oracle Fusion Cloud Services

Dec 11, 2025 1:32 PM

Tags: access, ai, automation, best-practice, business, cloud, compliance, computing, container, control, data, data-breach, encryption, finance, GDPR, governance, government, guide, healthcare, HIPAA, intelligence, network, oracle, PCI, resilience, risk, service, software, strategy, supply-chain, tool, zero-trust

Empowering Security and Control: Thales CipherTrust Cloud Key Management Integrates with Oracle Fusion Cloud Services madhav Thu, 12/11/2025 – 06:50 In a landscape where the safeguarding of sensitive information is paramount, the collaboration between Thales and Oracle Fusion Cloud Services helps create operational independence, data sovereignty, and uncompromising control for organizations worldwide. At Thales, our…
The Changing Threat Landscape for Retailers: Why is data security working harder than last year?

Nov 20, 2025 9:49 PM

Tags: access, ai, api, application-security, attack, automation, breach, business, cloud, compliance, container, control, credentials, cyber, cyberattack, cybersecurity, data, data-breach, defense, detection, encryption, exploit, finance, GDPR, hacker, ibm, incident, intelligence, Internet, malicious, malware, monitoring, PCI, phishing, privacy, programming, ransom, ransomware, regulation, risk, risk-management, saas, security-incident, service, social-engineering, software, strategy, supply-chain, tactics, threat, tool, unauthorized, vulnerability

The Changing Threat Landscape for Retailers: Why is data security working harder than last year? madhav Thu, 11/20/2025 – 08:37 It’s the 2025 holiday shopping season, and retailers everywhere are geared up for the rush of online customers. From late November to January, which includes Black Friday, Cyber Monday, Christmas shopping, and end-of-season sales, is…
The Changing Threat Landscape for Retailers: Why is data security working harder than last year?

Nov 20, 2025 9:49 PM

Tags: access, ai, api, application-security, attack, automation, breach, business, cloud, compliance, container, control, credentials, cyber, cyberattack, cybersecurity, data, data-breach, defense, detection, encryption, exploit, finance, GDPR, hacker, ibm, incident, intelligence, Internet, malicious, malware, monitoring, PCI, phishing, privacy, programming, ransom, ransomware, regulation, risk, risk-management, saas, security-incident, service, social-engineering, software, strategy, supply-chain, tactics, threat, tool, unauthorized, vulnerability

The Changing Threat Landscape for Retailers: Why is data security working harder than last year? madhav Thu, 11/20/2025 – 08:37 It’s the 2025 holiday shopping season, and retailers everywhere are geared up for the rush of online customers. From late November to January, which includes Black Friday, Cyber Monday, Christmas shopping, and end-of-season sales, is…
Regulatory Landscape: DMARC, GDPR, DORA What Businesses Need to Know in 2025

Nov 20, 2025 6:49 PM

Tags: compliance, dmarc, dora, GDPR

Originally published at Regulatory Landscape: DMARC, GDPR, DORA & What Businesses Need to Know in 2025 by Amanda E. Clark. In 2025, compliance is key to remaining in … First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/11/regulatory-landscape-dmarc-gdpr-dora-what-businesses-need-to-know-in-2025/
Is your password manager truly GDPR compliant?

Nov 20, 2025 7:49 AM

Tags: GDPR, password

Passwords sit at the core of every critical system, but many organizations still overlook how fragile their password workflows can be. When something goes wrong, security … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/11/20/passwork-password-manager-gdpr-compliant/
Is your password manager truly GDPR compliant?

Nov 20, 2025 7:49 AM

Tags: GDPR, password

Passwords sit at the core of every critical system, but many organizations still overlook how fragile their password workflows can be. When something goes wrong, security … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/11/20/passwork-password-manager-gdpr-compliant/
Google Play Store’s privacy practices still confuse Android users

Nov 20, 2025 7:49 AM

Tags: android, GDPR, google, privacy

Privacy rules like GDPR and CCPA are meant to help app stores be clearer about how apps use your data. But in the Google Play Store, those privacy sections often leave people … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/11/20/google-play-store-privacy-practices/
APIs, Microservices and Risk Management FireTail Blog

Nov 20, 2025 1:46 AM

Tags: access, ai, api, attack, authentication, best-practice, breach, business, compliance, data, detection, encryption, endpoint, firewall, framework, GDPR, guide, injection, LLM, monitoring, network, programming, regulation, risk, risk-management, service, software, strategy, threat, tool, unauthorized, update

Nov 19, 2025 – Alan Fagan – Although microservices are widespread, they are often misunderstood by business leaders. While they present substantial benefits, they also have the potential to introduce new risks into the API environment. Understanding the benefits and risks of microservice utilization is a major step towards effective product development, so today, we’re…
APIs, Microservices and Risk Management FireTail Blog

Nov 20, 2025 1:46 AM

Tags: access, ai, api, attack, authentication, best-practice, breach, business, compliance, data, detection, encryption, endpoint, firewall, framework, GDPR, guide, injection, LLM, monitoring, network, programming, regulation, risk, risk-management, service, software, strategy, threat, tool, unauthorized, update

Nov 19, 2025 – Alan Fagan – Although microservices are widespread, they are often misunderstood by business leaders. While they present substantial benefits, they also have the potential to introduce new risks into the API environment. Understanding the benefits and risks of microservice utilization is a major step towards effective product development, so today, we’re…
European Commission ‘simplification’ proposal would weaken GDPR, AI regulations

Nov 19, 2025 6:49 PM

Tags: ai, data, GDPR, regulation, risk, training

Under the proposal, the EU would weaken data protection rules by delaying when regulations governing high-risk AI systems take effect and allowing companies to use personal data for AI training without prior consent from users in most circumstances. First seen on therecord.media Jump to article: therecord.media/european-commission-proposal-gdpr-ai-simplification
EU sets out plans to cut red tape on digital

Nov 19, 2025 6:49 PM

Tags: ai, compliance, cyber, GDPR

Changes have been proposed to simplify AI Act compliance for smaller businesses, easier cyber security reporting and tweaks to GDPR First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366634698/EU-sets-out-plans-to-cut-red-tape-on-digital
Overcome the myriad challenges of password management to bolster data protection

Nov 19, 2025 2:23 PM

Tags: access, attack, authentication, automation, backup, best-practice, breach, business, cio, cloud, compliance, control, cyberattack, data, data-breach, gartner, GDPR, identity, infrastructure, international, kaspersky, mfa, password, risk, software, technology, tool, update

[1]And both enterprises and small and mid-sized businesses have already made significant investments in authentication, access controls and identity and access management (IAM).[2]But these investments are not effective without robust passwords. At the same time, password management is a cost for IT and security teams, and an inconvenience for technology users.The scale of the problem…
JWT Governance for SOC 2, ISO 27001, and GDPR, A Complete Guide

Nov 17, 2025 11:49 AM

Tags: best-practice, framework, GDPR, governance, guide, ISO-27001, soc

how proper JWT governance helps your organization stay compliant with SOC 2, ISO 27001, and GDPR. Explore best practices, governance frameworks, and how SSOJet ensures secure token management. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/11/jwt-governance-for-soc-2-iso-27001-and-gdpr-a-complete-guide/
GDPR Data Subject Rights in 2025-and Beyond

Nov 13, 2025 3:49 PM

Tags: data, GDPR

The post <b>GDPR Data Subject Rights in 2025-and Beyond</b> appeared first on Sovy. First seen on securityboulevard.com Jump to article: https://securityboulevard.com/2025/11/gdpr-data-subject-rights-in-2025-and-beyond/
Unlocking Cloud Security: Introducing the New AWS Key Rotation Feature in CipherTrust Cloud Key Management

Nov 13, 2025 1:49 PM

Tags: access, automation, cloud, compliance, container, control, cyber, cyberattack, data, encryption, finance, framework, GDPR, HIPAA, infrastructure, PCI, risk, service, software, strategy, threat, tool

Unlocking Cloud Security: Introducing the New AWS Key Rotation Feature in CipherTrust Cloud Key Management madhav Thu, 11/13/2025 – 05:12 How Automated Key Management Empowers Customers and Elevates Data Protection Encryption Scotti Woolery-Price – Partner Marketing Manager, Thales More About This Author > How Automated Key Management Empowers Customers and Elevates Data Protection In today’s…