Windows Zero-Day Bug That Lets Attackers Read Any File Gets Micropatch

A micropatch is now available for a zero-day vulnerability in Windows that allows unauthorized read access with the highest privileges to any file on the operating system.

Source: Windows Zero-Day Bug That Lets Attackers Read Any File Gets Micropatch


Iranian developer advertised BlackRouter Ransom-as-a-Service

An Iranian developer is promoting on a Telegram hacking channel the BlackRouter ransomware through a Ransomware-as-a-Service model.

Source: Iranian developer advertised BlackRouter Ransom-as-a-Service


8 Tips for Monitoring Cloud Security

Cloud security experts weigh in with the practices and tools they prefer to monitor and measure security metrics in the cloud.

Source: 8 Tips for Monitoring Cloud Security

🔒 securing the business 🔒

DISC InfoSec



3 Compelling Reasons To Invest In Cyber Security – Part 3

Cyber security is among the essential subjects to boards, alongside business strategy and leadership. Your compelling case to gain an investment is now here!

Source: 3 Compelling Reasons To Invest In Cyber Security – Part 3


Privacy notice under the GDPR


A privacy notice is a public statement of how your organisation applies data protection principles to processing data. It should be a clear and concise document that is accessible by individuals.

Articles 12, 13 and 14 of the GDPR outline the requirements on giving privacy information to data subjects. These are more detailed and specific than in the UK Data Protection Act 1998 (DPA).

The GDPR says that the information you provide must be:

  • Concise, transparent, intelligible and easily accessible;
  • Written in clear and plain language, particularly if addressed to a child; and
  • Free of charge.

Help with creating a privacy notice template

The privacy notice should address the following to sufficiently inform the data subject:

  • Who is collecting the data?
  • What data is being collected?
  • What is the legal basis for processing the data?
  • Will the data be shared with any third parties?
  • How will the information be used?
  • How long will the data be stored for?
  • What rights does the data subject have?
  • How can the data subject raise a complaint?

Below is an example of a customisable privacy notice template, available from IT Governance here.

GDPR Privacy Notice Template - Example from the EU GDPR Documentation Toolkit

Example of the privacy notice template available to purchase from IT Governance

If you are looking for a complete set of GDPR templates to help with your compliance project, you may be interested in the market-leading EU GDPR Documentation Toolkit. This toolkit is designed and developed by expert GDPR practitioners, and has been used by thousands of organisations worldwide. It includes:

  • A complete set of easy-to-use and customisable documentation templates, which will save you time and money and ensure GDPR compliance;
  • Helpful dashboards and project tools to ensure complete GDPR coverage;
  • Direction and guidance from expert GDPR practitioners; and
  • Two licences for the GDPR Staff Awareness E-learning Course.


Why your organisation should consider outsourcing its DPO


By Laura Downes

Since the EU’s GDPR (General Data Protection Regulation) came into effect in May 2018, demand for DPOs (data protection officers) has increased. The Regulation stipulates that certain organisations must appoint a DPO to support their GDPR compliance. DPOs also have an essential role as intermediaries between relevant stakeholders, such as supervisory authorities, data subjects, and business units within an organisation. 

Your organisation will need to appoint a DPO if it:  

  • Is a public authority or body; 
  • Regularly and systematically monitors data subjects; or 
  • Processes special categories of data on a large scale. 

The GDPR does not stipulate the level of experience a DPO must have, meaning some organisations might appoint an internal team member who does not have the experience or qualifications required, leaving them wide open to error.  

Why you should consider outsourcing your DPO 

Suitably skilled and experienced DPO candidates are hard to find. Outsourcing the role not only satisfies the requirements of the GDPR but also ensures your organisation is employing proper data handling and privacy policies. Furthermore, there is no conflict of interest between the DPO and other business activities. 

An external DPO can work for your organisation on a fixed-fee or a per-hour basis. Signing up to a DPO service also means you can rely on several experienced DPOs rather than just one, which means more hands on deck should you ever suffer a breach. 

DPO as a service (GDPR) 

IT Governance’s annual subscription DPO service offers you hands-on support from one of our qualified DPOs, who will serve as independent data protection expert to your organisation. Your appointed DPO will: 


PCI DSS policies address the weakest link – people

By Nick Calver @ITG

Drafting detailed data protection policies and documentation is vital for improving security for your customers, stakeholders and brand because it shows your understanding and commitment to the PCI DSS (Payment Card Industry Data Security Standard). From policy, to procedure, to configuration standard, a significant proportion of PCI DSS compliance begins with documentation.

Deploying security technologies can only go so far in protecting an organisation and helping maintain compliance.

Nearly 1 in 5 data breaches caused by human error

Verizon’s 2018 Data Breach Investigations Report identified that almost 1 in 5 data breaches (17%) were the result of human error.

Policies are needed to address the weak link in security – people. If your employees don’t know or understand what’s expected of them, they can put cardholder data at risk, regardless of the other security measures you have in place. Policies play an important role in securing data. They are the foundation for everything else as they provide direction and instruction, and assign responsibility.

What’s in a PCI policy set?

PCI DSS compliance requires that all merchants and service providers document the processes and procedures they put in place. These policies and procedures can then serve as a guide, following the 12 requirements of the PCI DSS, from which you and your QSA (Qualified Security Assessor) can work during your assessment.

The policies might address:

Information security: This details the organisation’s security strategy in relation to the storage, processing and transmission of credit card data. It provides a detailed outline of information security responsibilities for all staff, contractors, partners and third parties that access the CDE (cardholder data environment).

Formal security awareness: This identifies the organisation’s responsibilities when implementing a PCI security awareness training programme and is intended for anyone who has access to the CDE. Staff should take this program during their induction and repeat it at least annually or whenever there is a security incident.

Incident response: This is a set of instructions for detecting, responding to and limiting the effects of an information security event. Without a plan in place, organisations might not detect an attack or fail to follow proper protocol to contain it and recover.

Nothing here should surprise an experienced security professional. The policy requirements are basic information security best practices. Therefore, when structuring your PCI policy set we advise doing so alongside the development of your core information security policy.

PCI DSS Staff Awareness

Increase your employees’ knowledge of the Payment Card Industry Data Security Standard (PCI DSS) and how it affects your organization with the expertise at IT Governance USA Inc.



Equifax fined by ICO over data breach that hit Britons


Credit rating agency Equifax is to be fined £500,000 by the Information Commissioner’s Office (ICO) after it failed to protect the personal data of 15 million Britons.

A 2017 cyber-attack exposed information belonging to 146 million people around the world, mostly in the US.

The compromised systems were also US-based.

But the ICO ruled Equifax’s UK branch had “failed to take appropriate steps” to protect UK citizens’ data.

It added that “multiple failures” meant personal information had been kept longer than necessary and left vulnerable.

Originally, Equifax reported that fewer than 400,000 Britons had had sensitive data exposed in the breach – but it later revealed that the number was nearly 700,000.

A further 14.5 million British records exposed would not have put people at risk, the company added last October.

The ICO, which joined forces with the Financial Conduct Authority to investigate the breach, found that it affected three distinct groups in the following ways:

  • 19,993 UK data subjects had names, dates of birth, telephone numbers and driving licence numbers exposed
  • 637,430 UK data subjects had names, dates of birth and telephone numbers exposed
  • Up to 15 million UK data subjects had names and dates of birth exposed


Guard let down

Equifax had also been warned about a critical vulnerability in its systems by the US Department of Homeland Security in March 2017, the ICO revealed.

And appropriate steps to fix the vulnerability were not taken, according to the ICO.

Because the breach happened before the launch of the EU’s General Data Protection Regulation (GDPR) in May this year, the investigation took place under the UK’s Data Protection Act 1998 instead.

And the fine of £500,000 is the highest possible under that law.

“The loss of personal information, particularly where there is the potential for financial fraud, is not only upsetting to customers, it undermines consumer trust in digital commerce,” said information commissioner Elizabeth Denham.

“This is compounded when the company is a global firm whose business relies on personal data.”

An Equifax spokesperson said the firm was “disappointed in the findings and the penalty”.

“As the ICO makes clear in its report, Equifax has successfully implemented a broad range of measures to prevent the recurrence of such criminal incidents and it acknowledges the strengthened procedures which are now in effect.

“The criminal cyber-attack against our US parent company last year was a pivotal moment for our company. We apologise again to any consumers who were put at risk.”



CISOs and the Quest for Cybersecurity Metrics Fit for Business

By Kevin Townsend

Never-ending breaches, ever-increasing regulations, and the potential effect of brand damage on profits has made cybersecurity a mainstream board-level issue. It has never been more important for cybersecurity controls and processes to be in line with business

Reporting Security Metrics to the Board

A recent survey by security firm Varonis highlights that business and security are not fully aligned; and while security teams feel they are being heard, business leaders admit they aren’t listening.

The problem is well-known: security and business speak different languages. Since security is the poor relation of the two, the onus is absolutely on security to drive the conversation in business terms. When both sides are speaking the same language, aligning security controls with business priorities will be much easier.

Well-presented metrics are the common factor understood by both sides and could be used as the primary driver in this alignment. The reality, however, is this isn’t always happening.

Using metrics to align Security and Business: Information security metrics

SecurityWeek spoke to several past and present CISOs to better understand the use of metrics to communicate with business leaders: why metrics are necessary; how they can be improved; what are the problems; and what is the prize?

Demolishing the Tower of Babel

“While some Board members may be aware of what firewalls are,” comments John Masserini, CISO at Millicom Telecommunications, “the vast majority have no understanding what IDS/IPS, SIEMs, Proxies, or any other solution you have actually do. They only care about the level of risk in the company.”

CISOs, on the other hand, understand risk but do not necessarily understand which parts of the business are at most risk at any time. Similarly, business leaders do not understand how changing cybersecurity threats impact specific business risks.

The initial onus is on the security lead to better understand the business side of the organization to be able to deliver meaningful risk management metrics that business leaders understand. This can be used to start the process for each side to learn more about the other. Business will begin to see how security reduces risk, and will begin to specify other areas that need more specific protection.

The key and most common difficulty is in finding and presenting the initial metrics to get the ball rolling. This is where the different ‘languages’ get in the way. “The IT department led by the CIO typically must maintain uptime for critical systems and support transformation initiatives that improve the technology used by the business to complete its mission,” explains Keyaan Williams, CEO at CLASS-LLC. “The Security department led by the CISO typically must maintain confidentiality, integrity, and availability of data and information stored, processed, or transmitted by the organization. These departments and these leaders tend to provide metrics that focus on their tactical duties rather than business drivers that concern the board/C-suite.”

Drew Koenig, consultant and host of the Security in Five podcast, sees the same basic problem. “In security there tends to be a focus on the technical metrics. Logins, blocked traffic, transaction counts, etc… but most do not map back to business objectives or are explained in a format business leaders can understand or care about. Good metrics need to be tied to dollars, business efficiency shown through time improvements, and able to show trending patterns of security effectiveness as it relates to the business. That’s the real challenge.”

Williams sees the problem emanating from a lack of basic business training in the academic curriculum that supports IT and security degrees. “The top management tool in 2017 was strategic planning,” he said. “Strategic planning is often listed as one of the top-five tools of business leaders. How many security leaders understand strategic planning and execution enough to ensure their metrics contribute to the strategic initiatives of the organization?”

It is not up to the business leaders to learn about security. “The downfall for many CISOs in the past is believing that business needs to understand security,” adds Candy Alexander, a virtual CISO and president-elect of ISSA. “That is a mistake, because security is our job. We need to better understand the business, so that we can articulate the impact of not applying appropriate safeguards. The key to this whole approach is for the CISO to understand the business, and to understand the mission and goals of the business.”

For more on this article: CISOs and the Quest for Cybersecurity Metrics Fit for Business




US lawmakers introduce bill to fight cybersecurity workforce shortage

Report claims US public and private sectors had over 300,000 cybersecurity-related job openings between April 2017 and March 2018.

By  for Zero Day


US lawmakers have introduced a bipartisan bill in the House of Representatives meant to address the cybersecurity workforce shortage crisis.

The bill, named the Cyber Ready Workforce Act (H.R.6791), would establish a grant program within the Department of Labor.

According to the bill’s proposed text, the Secretary of Labor will be able to award grants to workforce intermediaries to support the creation, implementation, and expansion of apprenticeship programs in cybersecurity.

These apprenticeship programs may include career counseling, mentorship, and assistance with transportation, housing, and child care costs.

The Cyber Ready Workforce Act is meant to address a growing problem in the US workforce landscape where companies, across all sectors, are having a hard time filling cybersecurity jobs with trained personnel.

According to a CompTIA report based on data from CyberSeek, a free cybersecurity career and workforce resource, there were 301,873 cybersecurity-related job openings in the private and public sectors between April 2017 and March 2018.

Also: Bill that would have the White House create a database of APT groups passes House vote

Congresswoman Jacky Rosen (Dem., NV-03) introduced the bill last week. The bill is based on the state of Nevada’s recently introduced cybersecurity apprenticeship program.

The bill was also co-sponsored by Congressman Seth Moulton (Dem., MA-06), Congresswoman Elise Stefanik (Rep., NY-21), and Congressman Dan Donovan (Rep., NY-11).

The bill, which doesn’t yet have mirroring legislation in the Senate, has also gained the support of trade and workforce organizations such as CompTIA and The Learning Center.

“Cybersecurity threats will continue to present national security challenges for America in the 21st century,” said Congressman Dan Donovan. “With these threats and the changing economic and technological landscape, America needs a workforce that can adequately advance our cybersecurity defense priorities.”

“Investing in and expanding our cybersecurity workforce doesn’t only fuel our economy, it keeps us safe,” said Congressman Seth Moulton. “While I was fighting on the ground in Iraq, Al-Qaeda was fighting us on the internet — and they were beating us online! And while we focused on Russia’s military in 2016, they attacked us through the internet. This bill is an important first step towards making sure we don’t get ourselves into such a vulnerable position again.”


Download ISO27k standards



Download ISO27000 family of information security standards today!

• ISO27001 2013 ISMS Requirement (Download now)

• ISO27002 2013 Code of Practice for ISM (Download now)

ISO 27001 Do It Yourself Package (Download)


ISO 27001 Training Courses –  Browse the ISO 27001 training courses


CISO’s Library

#CISO who is looking to build his/her personal library on managing risk for their organization.


4 bad things happening every minute on the Internet


Risk IQ’s Evil Internet Minute infographic tells you the bad things happening every minute on the Internet:

  • 5 successful ransomware attacks
  • 9 phishing attacks
  • 1,274 new malware variants
  • 5,518 records compromised

Any data you look at shows that the scale of ‘Internet evil’ increases every year. The economic impact of cyber crime now exceeds $1.1 million per minute. This is a major corporate risk, irrespective of organisational size, and cyber insurance is an inadequate response – insurers will not pay out where you have been negligent.

The EU’s GDPR (General Data Protection Regulation) makes the tests for negligence pretty clear: absence of accountability, insufficient corporate governance and countermeasures that do not adequately respond to the frequency and virulence of today’s attacks.

In an environment where four potentially vulnerable web components are discovered every minute, an annual penetration test is only slightly better than not bothering at all. We run penetration tests about once a month; you should be doing them at least quarterly. However, even if you do this, you need to recognise that purely technical responses have limited benefits. Staff are the weakest of your links, particularly as phishing and ransomware attacks get smarter every day. And your supply chain may increasingly be your attackers’ fastest route into what passes for your secure environment. Staff awareness training only every year or two would be desperately short-sighted.

We’re going to see more and more organisations reporting data breaches – it’s now an offence to not report one, and you can be punished with significant fines. The costs don’t stop there. After you report a breach, and undergo investigation, fines and reputational damage, you still have to spend the money to get secure. It therefore probably works out less expensive in the long run to make comprehensive cyber security investments before you are breached (assuming that you haven’t already been breached, and you just don’t know it yet).


NordVPN apps for iOS and macOS

Redesigned NordVPN apps for iOS and macOS are available now!

The NordVPN team has been on a mission to “Make the app UX go WOW” for a while. As they want users to have a smooth and hassle-free NordVPN experience, rethinking the app navigation from the ground up felt like the right thing to do. Tweak after tweak, and today they are more than excited to introduce the redesigned NordVPN apps for iOS and macOS! This is a major design update, so let’s take a closer look.

NordVPN app for iOS goes 4.0. What’s inside?

Once you open the updated app, the view and navigation you will see is likely to remind you of a deck of cards. We organized our app this way to make it more thumb-friendly and clear for finding what you’re looking for.

Swipe up to browse servers

What can you do with a simple swipe-up? Great things, great things… From now on, by swiping up in the main map screen you’ll get one-tap access to:

  • Servers by country
  • Specialty servers
  • Search
  • Your favorites’ list


Anonymous VPN Service

NordVPN – The World’s most advanced VPN 



Secure File Sharing from any device

Easy Desktop Access to Cloud Files

Ditch Email Attachments. With your files in the cloud, you can easily share them with anyone — even if they’re outside your company firewall — with a simple link via email or straight from Box.

Keep Everybody on the Same Page. Easily share files and folders, and add, move or edit files while always having the latest file version on hand.

Preview Files Without Download. With Box, you can view 120+ types of files, including Word, Excel, PDF, AI, EPS, PSD, photos and more—without downloading a single file.

Easily Share Your Workspace. Right click any folder to share instantly or open on and invite your team to view, edit and upload files, turning folders into collaborative workspaces.

Never Lose Files. A stolen laptop or hard drive crash doesn’t mean you lose your files. Safely store all of your work documents and projects in Box Drive.


Box enables secure file sharing and collaboration so you can get real work done with anyone, from any device.


  • Secure File Sharing. Easily and securely share files—even sensitive or confidential ones—without worry.
  • Hassle-Free File Sharing. Ditch email attachments! Share any file with a simple link or straight from Box, with anyone you want.

An Introduction to Box: The Modern Content Management Platform

Discover how Box can solve simple and complex challenges, from sharing and accessing files on mobile devices to sophisticated business processes like data governance and retention.


Nine Steps to Successful implementation

Achieving and maintaining accredited certification to ISO 27001 can be complicated, especially for those who are new to the Standard.

Aligned with the latest iteration of ISO 27001:2013, the North American edition of Nine Steps to Success – An ISO 27001 Implementation Overview is ideal for anyone tackling ISO 27001 for the first time.

In nine critical steps, the guide covers each element of the ISO 27001 project in simple, non-technical language.

Get step-by-step guidance on successful ISO 27001 implementation from an industry leader.

Implementation Overview, North American edition
This must-have guide from ISO 27001 expert Alan Calder helps you get to grips with the requirements of the Standard and make your ISO 27001 implementation project a success:

  • Details the key steps of an ISO 27001 project from inception to certification
  • Explains each element of the ISO 27001 project in simple, non-technical language
  • An ideal guide for anyone tackling ISO 27001 implementation for the first time
Buy before the end of August to save 10%

Price: $31.49





(ISC)2 CISSP Certified Information Systems Security Professional

(ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide 8th Edition


Get expert content and real-world practice with the new CISSP Study Guide, now available for purchase in paperback and kindle! Order yours today >>

CISSP Study Guide –  fully updated for the 2018 CISSP Body of Knowledge

CISSP (ISC)2 Certified Information Systems Security Professional Official Study Guide, 8th Edition has been completely updated for the latest 2018 CISSP Body of Knowledge. This bestselling Sybex study guide covers 100% of all exam objectives. You’ll prepare for the exam smarter and faster with Sybex thanks to expert content, real-world examples, advice on passing each section of the exam, access to the Sybex online interactive learning environment, and much more. Reinforce what you’ve learned with key topic exam essentials and chapter review questions.

Along with the book, you also get access to Sybex’s superior online interactive learning environment that includes:

  • Six unique 150 question practice exams to help you identify where you need to study more. Get more than 90 percent of the answers correct, and you’re ready to take the certification exam.
  • More than 1400 Electronic Flashcards to reinforce your learning and give you last-minute test prep before the exam
  • A searchable glossary in PDF to give you instant access to the key terms you need to know for the exam

Coverage of all of the exam topics in the book means you’ll be ready for:

  • Security and Risk Management
  • Asset Security
  • Security Engineering
  • Communication and Network Security
  • Identity and Access Management
  • Security Assessment and Testing
  • Security Operations
  • Software Development Security



Nine Things That Are Poised To Impact Cybersecurity

Read the Forbes Technology Council’s list of nine things that can impact cybersecurity on Forbes:

From the Equifax breach this past September to the recent hack of MyFitnessPal data through Under Armour, the number of high-profile cyberattacks has continued to climb in recent months. Every company, regardless of size, must be prepared for the possibility that they may be the next victim.

Read the full article here.


What is ‘privacy by design’?


Privacy by design is a voluntary approach to projects that promotes privacy and data protection compliance, and helps you comply with the Data Protection Act 1998 (DPA).

The Information Commissioner’s Office (ICO) encourages organisations to seriously consider privacy and data protection throughout a project lifecycle, including when:

  • Building new IT systems to store or access personal data;
  • Needing to comply with regulatory or contractual requirements;
  • Developing internal policies or strategies with privacy implications;
  • Collaborating with an external party that involves data sharing; or
  • Existing data is used for new purposes.

Privacy by design and the GDPR

The upcoming EU General Data Protection Regulation (GDPR) will supersede the DPA. Article 25 of the GDPR, “[d]ata protection by design and default”, requires you to “implement appropriate technical and organisational measures” throughout your data processing project. As such, data must be considered at the design stage of any project, during which you must process and store as little data as possible, for as short a time as possible.

Under the GDPR, you are required to document your data processing activities. One way to do this is to map your organisation’s data flows. This method also enables you to assess the risks in your data processing activities and identify where controls are required, for example, assessing privacy and data security risks.

Organisations need to be aware of the personal data that they are processing, and that this data is being processed in compliance with the law. Organisations can often process significantly more data than they realise, so it is vital that they perform mapping exercises to keep track of them all.

Data flow mapping may seem daunting, but you can simplify the process with the Data Flow Mapping Tool.

The tool gives you a thorough understanding of what personal data your organisation processes and why, where it is held and how it is transferred.

IT Governance’s free green paper ‘Conducting a data flow mapping exercise under the GDPR’ will help you understand how to effectively map your data in compliance with the GDPR.

Steps to GDPR Compliance


Six Essential Data Protection and Privacy Requirements Under GDPR

By Leighton Johnson, CISA, CISM, CIFI, CISSP

With the advent of the European Union (EU) deadline for General Data Protection Regulation (GDPR) (EU 2016/679 regulation) coming up on 25 May 2018, many organizations are addressing their data gathering, protection and retention needs concerning the privacy of their data for EU citizens and residents. This regulation has many parts, as ISACA has described in many of its recent publications and events, but all of the efforts revolve around the protection and retention of the EU participants’ personal information. The 6 main areas for data protection defined in this regulation are:

  1. Data security controls need to be, by default, active at all times. Allowing security controls to be optional is not recommended or even suggested. “Always on” is the mantra for protection.
  2. These controls and the protection they provide must be embedded inside all applications. The GDPR view is that privacy is an essential part of functionality, the security of the system and its processing activities.
  3. Along with embedding the data protection controls in applications, the system must maintain data privacy across the entire processing effort for the affected data. This end-to-end need for protection includes collection efforts, retention requirements and even the new “right to be forgotten” requirement, wherein the customer has the right to request removal of their data from an organization’s storage.
  4. Complete data protection and privacy adds full-functional security and business requirements to any processing system in this framework for data privacy. It provides that business requirements and data protection requirements be equally important during the business process.
  5. The primary requirement for protection within the GDPR framework demands the security and privacy controls implemented are proactive rather than reactive. As its principal goal, the system needs to prevent issues, releases and successful attacks. The system is to keep privacy events from occurring in the first place.
  6. With all of these areas needed under GDPR, the most important point for organizations to understand about GDPR is transparency. The EU wants full disclosure of an organization’s efforts, documentation, reviews, assessments and results available for independent third-party review at any point. The goal is to ensure privacy managed by these companies is not dependent upon technology or business practices. It needs to be provable to outside parties and, therefore, acceptable. The EU has purposely placed some strong fine structures and responses into this regulation to ensure compliance.

Having reviewed various organizational efforts in preparation for GDPR implementation, it has been found that it is good practice to look at these 6 areas for all the collected and retained data, not just EU-based data. This zero-tolerance approach to data breaches is purposely designed to be stringent and strong. Good luck to all in meeting and maintaining the data privacy and security requirements of GDPR.

Steps to EU GDPR compliance

