GDPR compliance got even more complicated this summer when the CJEU (European Court of Justice) ruled the EU–US Privacy Shield invalid. Organizations that had relied on the framework for transatlantic data transfers have been scrambling for a solution – with even some multinationals unsure how to proceed. If you’re among those trying to understand how […]

ISO/IEC 27701 is the international standard that serves as an extension to an ISO 27001/ ISO 27002 #ISMS (information security management system). It provides guidelines for implementing, maintaining, and continually improving a #PIMS (privacy information management system). Develop a privacy information management system as an extension to your ISO 27001-conformant ISMS with ISO/IEC 27701. Supports […]

Big news is coming when NIST takes the wraps off a new privacy framework. Thanks to the General Data Privacy Regulation (GDPR) of the European Union, which took full effect in May 2018, privacy is at center stage worldwide. Penalties are being meted out for violations, and organizations of all kinds need to understand and […]

4 bad things happening every minute on the Internet  by Alan Calder   Risk IQ’s Evil Internet Minute infographic tells you the bad things happening every minute on the Internet: 5 successful ransomware attacks 9 phishing attacks 1,274 new malware variants 5,518 records compromised Any data you look at shows that the scale of ‘Internet evil’ increases every year. The […]

The GDPR will replace these with a pan-European regulatory framework effective from 25 May 2018.  The GDPR applies to all EU organizations – whether commercial business or public authority – that collect, store or process the personal data (PII) of EU individuals. Organizations based outside the EU that monitor or offer goods and services to […]

As part of an EU General Data Protection Regulation (GDPR) compliance project, organisations will need to map their data and information flows in order to assess their privacy risks. This is also an essential first step for completing a data protection impact assessment (DPIA), which is mandatory for certain types of processing. The key elements of […]