dcsimg

What do SMEs need to do to comply with the PCI DSS?

Organisations that accept card payments are responsible for the security of customers’ payment information and must comply with the PCI DSS (Payment Card Industry Data Security Standard). The PCI DSS is a set of tools and measures to help you protect payment card data. It applies to all organisations that transmit, process or store such information, but SMEs (small and medium-sized organisations) … [Read more...]

Max Schrems: lawyer, regulator, international man of privacy

Almost one decade ago, disparate efforts began in the European Union to change the way the world thinks about online privacy. One effort focused on legislation, pulling together lawmakers from 28 member-states to discuss, draft, and deploy a sweeping set of provisions that, today, has altered how almost every single international company handles users’ personal information. The finalized law of … [Read more...]

Results of Facebook investigation coming this summer, says DPC

Ireland’s DPC (Data Protection Commission) has said it will release the findings of its investigation into Facebook and several other high-profile tech companies in June or July. Commissioner Helen Dixon told Bloomberg: “We’re at various concrete stages in all of them, but they’re all substantially advanced.” The DPC began its investigation in October 2018, following consumer complaints … [Read more...]

Google fined €50 million in landmark GDPR ruling

Google has been fined €50 million by the CNIL, France’s data protection regulator, for a breach of the EU GDPR (General Data Protection Regulation).  It’s by far the biggest fine related to the GDPR, which took effect in May 2018 and gave regulatory bodies much stronger disciplinary powers.  What did Google do wrong?  The CNIL concluded that Google had violated the GDPR in two … [Read more...]

6 tools to help you manage your organisation’s security measures and GDPR compliance

The ability to prevent data breaches has become a lot more important since the GDPR (General Data Protection Regulation) took effect. You should have already been concerned about your customers’ freedom and privacy, your susceptibility to regulatory action and your ability to protect your reputation in the event of a security incident, but these have now taken on heightened significance. The … [Read more...]

What is ISO 27001 certification?

ISO 27001 certification demonstrates that an organisation has met the requirements of the international standard for information security. This is hugely beneficial compared to simply following the Standard’s requirements, because it provides proof of the effectiveness of your security systems and satisfies the demands of clients and regulators. The ISO 27001 certification process Before … [Read more...]

How cyber resilience can help you comply with the GDPR

Cyber resilience is an emerging approach to tackling the threat of data breaches and disruptions, combining elements of cyber security and business continuity management. It acknowledges that traditional approaches to cyber security are increasingly inadequate, with organisations unable to cope with the number of threats facing them. With cyber resilience, organisations don’t put all their … [Read more...]

How to document your information security policy

Information security policies play a vital role in organisational security. Getting your policy right will give you an excellent framework to build on, making sure that all your efforts follow a single goal. But if you get it wrong, you risk neglecting key issues and exposing yourself to data breaches. To make sure you get off on the right track, we’ve taken some advice from Alan Calder and … [Read more...]

Still struggling with the GDPR? Here’s how you can get started

The GDPR (General Data Protection Regulation) has been in effect for more than seven months now, but many organisations still aren’t fully compliant with its requirements, and some are still only just getting started.  That’s obviously not ideal, but the good news is that organisations that are still working towards compliance don’t need to feel as though they’ve left … [Read more...]

Dublin law firm scammed out of €97,000

A Dublin law firm transferred €97,000 to cyber criminals after its email systems were hacked, the Law Society of Ireland reports. The crooks intercepted emails about a mortgage redemption, altering one in which the client’s bank account details were listed. The misappropriated funds have since been withdrawn from the crooks’ account, and the law firm’s loss will be covered by its cyber … [Read more...]