Complying with the EU's GDPR data privacy mandates remains challenging. These best practices -- such as hiring a data protection officer and classifying data -- can help
"Any organization that handles EU citizens' personal data, regardless of its location, is subject to GDPR, the 2018 privacy and data protection law in the European Union and the European Economic Area.
Noncompliance with GDPR can result in data processing injunctions, suspension of data transfers and fines of up to 20 million euros -- approximately $23.2 million -- or 4% of annual global turnover. Due to this, GDPR is shaping data protection strategies worldwide..."
Banks must report major cybersecurity incidents to federal officials within 36 hours under a rule that U.S. financial regulators finalized on Thursday
"Beginning in May 2022, financial executives will need to be more forthcoming about computer system failures and interruptions, such as ransomware or denial-of-service attacks that have the potential to disrupt customers' ability to access their accounts, or impact the larger financial system.
The rule, dubbed the Computer-Security Incident Notification Requirements for Banking Organizations and Their Bank Service Providers, was cemented by the Office of the Comptroller of the Currency, Board of Governors of the Federal Reserve System and the Federal Deposit Insurance Corporation. There is currently no specific window within which banks must report such incidents to the agencies in question..."
Data security and privacy are today a prime focus for most organizations globally
"While there have been several regulations and standards introduced to improve data security, the evolving landscape makes it challenging for organizations to stay compliant. For many organizations, GDPR and PCI DSS are the first topics that come to mind when privacy is concerned.
While GDPR is an international data privacy law for securing personal data, PCI DSS is a data security standard that is designed to secure personal cardholder data. Although both focus primarily on securing data, their scope and applicability greatly differ. However, there are enough overlaps in the requirements of both GDPR and PCI DSS that make the compliance process a lot easier..."