Google has been fined €50 million by the CNIL, France’s data protection regulator, for a breach of the EU GDPR (General Data Protection Regulation). It’s by far the biggest fine related to the GDPR, which took effect in May 2018 and gave regulatory bodies much stronger disciplinary powers. What did Google do wrong? The CNIL concluded that Google had violated the GDPR in two … [Read more...]
January 22, 2019
January 21, 2019
6 tools to help you manage your organisation’s security measures and GDPR compliance
The ability to prevent data breaches has become a lot more important since the GDPR (General Data Protection Regulation) took effect. You should have already been concerned about your customers’ freedom and privacy, your susceptibility to regulatory action and your ability to protect your reputation in the event of a security incident, but these have now taken on heightened significance. The … [Read more...]
January 18, 2019
What is ISO 27001 certification?
ISO 27001 certification demonstrates that an organisation has met the requirements of the international standard for information security. This is hugely beneficial compared to simply following the Standard’s requirements, because it provides proof of the effectiveness of your security systems and satisfies the demands of clients and regulators. The ISO 27001 certification process Before … [Read more...]
January 16, 2019
How cyber resilience can help you comply with the GDPR
Cyber resilience is an emerging approach to tackling the threat of data breaches and disruptions, combining elements of cyber security and business continuity management. It acknowledges that traditional approaches to cyber security are increasingly inadequate, with organisations unable to cope with the number of threats facing them. With cyber resilience, organisations don’t put all their … [Read more...]
January 15, 2019
How to document your information security policy
Information security policies play a vital role in organisational security. Getting your policy right will give you an excellent framework to build on, making sure that all your efforts follow a single goal. But if you get it wrong, you risk neglecting key issues and exposing yourself to data breaches. To make sure you get off on the right track, we’ve taken some advice from Alan Calder and … [Read more...]
January 14, 2019
Still struggling with the GDPR? Here’s how you can get started
The GDPR (General Data Protection Regulation) has been in effect for more than seven months now, but many organisations still aren’t fully compliant with its requirements, and some are still only just getting started. That’s obviously not ideal, but the good news is that organisations that are still working towards compliance don’t need to feel as though they’ve left … [Read more...]
January 11, 2019
Dublin law firm scammed out of €97,000
A Dublin law firm transferred €97,000 to cyber criminals after its email systems were hacked, the Law Society of Ireland reports. The crooks intercepted emails about a mortgage redemption, altering one in which the client’s bank account details were listed. The misappropriated funds have since been withdrawn from the crooks’ account, and the law firm’s loss will be covered by its cyber … [Read more...]
January 9, 2019
What’s the difference between an ISO 27001 risk assessment and gap analysis?
The ISO 27001 implementation and review process centres upon the risk assessment and gap analysis process. These two pivotal steps provide you with the bulk of the information you need comply with the Standard, so it’s essential that you get them right. The problem is that the two processes are very similar, meaning organisations can easily confuse the two and jeopardise their compliance … [Read more...]
January 9, 2019
What’s the difference between an ISO 27001 risk assessment and gap analysis?
The ISO 27001 implementation and review process centres upon the risk assessment and gap analysis process. These two pivotal steps provide you with the bulk of the information you need comply with the Standard, so it’s essential that you get them right. The problem is that the two processes are very similar, meaning organisations can easily confuse the two and jeopardise their compliance … [Read more...]
January 7, 2019
78% of customers won’t go back to a breached organisation
A Ping Identity study has revealed that 78% of people would no longer use a retailer’s online site if it had suffered a data breach. The 2018 Consumer Survey, which polled more than 3,000 people across Europe and the US, also found that: 48% of people won’t sign up for an online service if the organisation has recently been breached;56% of people won’t accept an increased service fee in … [Read more...]
