Tag: GDPR
-
EU’s GDPR Article 7 Poses New Challenges for Businesses To Secure AI-Generated Image Data
As businesses worldwide embrace digital transformation, the European Union’s General Data Protection Regulation (GDPR), enacted in 2018, remains a cornerstone of data privacy and security. A recent safety report highlighting the rapid advancement of artificial intelligence (AI) has renewed focus on GDPR compliance, particularly Article 7, which governs consent requirements for handling personal data, including…
-
10 things you should include in your AI policy
Tags: access, ai, best-practice, breach, business, ceo, ciso, compliance, cybersecurity, data, data-breach, finance, framework, gartner, GDPR, governance, incident response, insurance, law, monitoring, privacy, regulation, risk, software, strategy, switch, technology, tool, training, updateInput from all stakeholders: At Aflac, the security team took the initial lead on developing the company’s AI policy. But AI is not just a security concern. “And it’s not just a legal concern,” Ladner says. “It’s not just a privacy concern. It’s not just a compliance concern. You need to bring all the stakeholders…
-
Europe preparing to ‘ease the burden’ of landmark data privacy law
EU officials say it’s possible to make GDPR compliance easier for smaller organizations while ensuring that data privacy rules still work as intended. First seen on therecord.media Jump to article: therecord.media/eu-proposal-changes-gdpr-small-medium-businesses
-
Navigating Saudi Arabia’s Personal Data Protection Law (PDPL): A Guide to Compliance
Tags: access, ai, compliance, control, data, GDPR, governance, guide, identity, intelligence, law, monitoring, privacy, serviceNavigating Saudi Arabia’s Personal Data Protection Law (PDPL): A Guide to Compliance madhav Thu, 04/03/2025 – 04:30 The Kingdom of Saudi Arabia (KSA) has taken a significant step towards bolstering data protection with its Personal Data Protection Law (PDPL), marking a pivotal moment in the region’s digital landscape. The PDPL, enforced by the Saudi Data…
-
How can I align our NHI management with GDPR and other standards?
Is Your NHI Management GDPR Compliant? It isn’t just humans who have identities, but machines as well. In-depth understanding and control over NHIs provide organizations with an upper hand in maintaining stringent cybersecurity measures. But have you ever paused to question how Non-Human Identities management aligns with GDPR and other comparable standards? NHI Management and……
-
Understanding RDAP: The Future of Domain Registration Data Access
Tags: access, api, attack, authentication, china, compliance, control, cyber, cybercrime, cybersecurity, data, detection, exploit, framework, fraud, GDPR, incident response, infrastructure, intelligence, Internet, law, malicious, malware, phishing, privacy, regulation, service, threat, tool, vulnerability -
Violent ChatGPT Hallucination Sparks GDPR Complaint
Norwegian Man Tells OpenAI: I Didn’t Kill My Children. A Norwegian man is peeved that a chatbot hallucinated a violent backstory for his life after seeing that ChatGPT apparently believes he’s a child killer spending decades inside prison. The fact that someone could read this output and believe it is true is what scares me…
-
Persönliche Apps und GenAI stellen ein erhebliches Risiko für den Schutz von regulierten Daten im Finanzdienstleistungssektor dar
Netskope Threat Labs gibt in der DACH-Region das Ausmaß der Nutzung von Personal-Apps und GenAI im Finanzdienstleistungssektor bekannt. Das Unternehmen warnt vor dem Risiko, das diese für regulierte Daten (Daten, die unter Vorschriften wie die GDPR fallen) darstellen. Die Ergebnisse stammen aus dem aktuellen Threat-Labs-Report von Netskope, der die neuesten Cybersicherheitstrends im Finanzdienstleistungssektor untersucht. Die…
-
The State of Digital Trust in 2025 Consumers Still Shoulder the Responsibility
Tags: access, ai, authentication, banking, breach, captcha, cloud, compliance, control, cyber, data, deep-fake, encryption, finance, fintech, framework, GDPR, government, healthcare, identity, india, insurance, law, login, malicious, metric, mfa, mitigation, password, privacy, regulation, resilience, risk, service, software, strategy, switch, technology, threat, toolThe State of Digital Trust in 2025 – Consumers Still Shoulder the Responsibility madhav Thu, 03/20/2025 – 04:52 Trust remains the cornerstone of digital interactions, yet its foundations are increasingly fragile in an era of sophisticated cyber threats and evolving consumer expectations. The 2024 Digital Trust Index gave us extremely important insights into the expectations…
-
Why Continuous Compliance Monitoring Is Essential For IT Managed Service Providers
Regulatory compliance is no longer just a concern for large enterprises. Small and mid-sized businesses (SMBs) are increasingly subject to strict data protection and security regulations, such as HIPAA, PCI-DSS, CMMC, GDPR, and the FTC Safeguards Rule. However, many SMBs struggle to maintain compliance due to limited IT resources, evolving regulatory requirements, and complex security…
-
Hostinger Study of cyberattacks and GDPR fines
First seen on datensicherheit.de Jump to article: www.datensicherheit.de/study-cyberattacks-gdpr-fines-2025
-
CIOs and CISOs take on NIS2: Key challenges, security opportunities
Tags: access, cio, ciso, compliance, cybersecurity, data, GDPR, group, healthcare, ISO-27001, jobs, monitoring, nis-2, office, organized, privacy, regulation, risk, skills, software, strategy, supply-chain, technology, trainingCompliance will be easier for some: There are CIOs and CISOs who have found NIS2 compliance relatively easy: those who have worked toward ISO/IEC 27001:2022 certification, whether they remained in the preparation phase or actually got certified.Those who have the certification report having found themselves with “80% of the work done”: the company is ready…
-
UK ICO Fires GDPR “Warning Shot” Over Use of Children’s Data
The UK’s information commissioner has warned that all digital firms using children’s data must follow the GDPR First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/ico-fires-gdpr-warning-shot/
-
Bubba AI, Inc. is launching Comp AI to help 100,000 startups get SOC 2 compliant by 2032
Introducing Comp AI Comp AI is an open-source alternative to GRC automation platforms like Vanta and Drata. The platform includes several key features designed to automate compliance with frameworks such as SOC 2:A built-in risk register to help companies identify, document, and assess potential security risksOut-of-the-box security policies for modern companies, complete with an AI-powered…
-
Security compliance firm Drata acquires SafeBase for $250M
Drata, a security compliance automation platformthat helps companies adhere to frameworks such as SOC 2 and GDPR, has acquired software security review startup SafeBase for $250 million. SafeBase co-founders Al Yang (CEO) and Adar Arnon (CTO) will retain their roles, and SafeBase will continue to offer a standalone product while bringing its core solutions to…
-
Hacker allegedly puts massive OmniGPT breach data for sale on the dark web
Tags: ai, breach, china, compliance, cybersecurity, dark-web, data, data-breach, encryption, GDPR, hacker, india, toolOmniGPT’s has yet to respond: OmniGPT has not publicly acknowledged the breach or any attack. CSO reached out to the company for comments but did not receive a response till the publishing of this article.If confirmed, OmniGPT stands to face more than reputational damage as the AI aggregator might be looking at some data compliance…
-
Most UK GDPR Enforcement Actions Targeted Public Sector in 2024
Tags: GDPR27 UK public sector organizations faced ICO enforcement actions in 2024, with three fines issued, according to URM Consulting First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/uk-gdpr-enforcement-public-sector/
-
CIOs and CISOs grapple with DORA: Key challenges, compliance complexities
Tags: access, automation, banking, business, cio, ciso, communications, compliance, control, country, cyber, cybersecurity, data, dora, finance, framework, GDPR, governance, jobs, law, monitoring, network, nis-2, penetration-testing, privacy, regulation, resilience, risk, risk-management, service, skills, supply-chain, technology, threat, tool, training, vulnerabilityIn force since January, the Digital Operational Resilience Act (DORA) has required considerable effort from CIOs and CISOs at 20 types of financial entities to achieve compliance. For many, the journey is not complete.”In the past months, financial entities targeted by DORA have been busy internally defining roles and responsibilities related to ICT security, identifying…
-
DeepSeek hit by cyberattack and outage amid breakthrough success
Tags: access, ai, apple, attack, ceo, china, compliance, control, cyberattack, cybersecurity, data, detection, encryption, finance, GDPR, google, group, HIPAA, infrastructure, malicious, nvidia, open-source, risk, saas, service, startup, technology, threat, tool, training, vulnerabilityChinese AI startup DeepSeek said it was hit by a cyberattack, prompting the company to restrict user registrations and manage website outages as demand for its AI assistant soared.According to the company’s status page, DeepSeek has been investigating the issue since late evening Beijing time on Monday.”Due to large-scale malicious attacks on DeepSeek’s services, registration…
-
Box-Checking or Behavior-Changing? Training That Matters
Exploring New Ways to Deliver and Measure Cybersecurity Awareness Programs Regulations like GDPR, HIPAA and CMMC have made security awareness training a staple of corporate security programs. But compliance is only part of the story. Organizations face an even deeper challenge: influencing employee behavior in ways that create a truly secure workplace. First seen on…
-
Security chiefs whose companies operate in the EU should be exploring DORA now
Tags: attack, business, ciso, compliance, conference, corporate, cyber, cybersecurity, data, detection, dora, finance, framework, GDPR, incident, network, regulation, resilience, risk, service, technology, threat, vulnerabilityIf your enterprise operates in Europe, you should care about the Digital Operational Resilience Act (DORA), which took effect on January 17. DORA, also known as Directive (EU) 2022/2555 of the European Parliament, aims to enhance and build the EU’s cybersecurity capabilities and it has been hanging like the Sword of Damocles over the heads…
-
Three Keys to Modernizing Data Security: DSPM, AI, and Encryption
Tags: access, ai, automation, best-practice, business, cloud, compliance, container, control, cyber, cybercrime, data, data-breach, detection, encryption, GDPR, incident response, infrastructure, privacy, regulation, risk, saas, security-incident, skills, software, strategy, threat, tool, vulnerabilityThree Keys to Modernizing Data Security: DSPM, AI, and Encryption andrew.gertz@t“¦ Tue, 01/21/2025 – 14:56 Organizations worldwide face a “perfect storm” of increasing and ever-evolving cyber threats. Internal and external factors are at play, elevating cyber risks and their consequences and mandating new approaches to safeguard data. A recent study based on responses from over…
-
GDPR Fines Total Euro1.2bn in 2024
Data from DLA Piper showed a 33% year-on-year fall in GDPR fines issued in Europe in 2024, with total penalties reaching Euro1.2bn First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/gdpr-fines-total-2024/