After much fanfare, the EU’s General Data Protection Regulation (GDPR) went into effect in May of 2018. In May 2019, the European Data Protection Board (EDPB) issued its 1-year assessment of the GDPR. In the first year, over 89,000 data breaches had been logged by EEA Supervisory Authorities.
Read moreRadarFirst Blog
GDPR – where are we now? A Year in Review
For the past year, the privacy and security world has kept a laser-like focus on the European Union’s General Data Protection Regulation (GDPR). And what a year it’s been. More than 59,000 personal data breaches were reported across Europe from the enforcement date of GDPR on May 25, 2018, to International Data Protection Day on […]
Read moreGlobal Impacts of the GDPR – One Year Later
Preparing for the GDPR was a herculean effort for many. Now here we are, one year later, and the tide of GDPR fervor has ebbed, but not significantly receded – after all, achieving compliance is a marathon, not a sprint!
Read moreThe One Challenge We’re all Too Familiar With: Lack of Budget For Incident Response
“There is only one amount of money—just not enough,” author Andrew Kaufman once wrote. Many departments in an organization feel the financial pinch, especially privacy teams, who face the challenge of completing herculean tasks on a small budget. Privacy budgets tend to be microscopic compared to those of security or IT/infosec teams. Thus, critical privacy […]
Read moreWhat did the EU GDPR effective date mean for US companies?
On May 25, the EU GDPR went into effect. Prior to this day, there was much speculation as companies prepared for the rigors of this new privacy regulation – would companies be prepared? Would regulators? How would the public react?
Read moreBenchmarking incidents involving regulated data as the GDPR looms
This article is part of an ongoing IAPP Privacy Advisor series on privacy program metrics and benchmarking for incident response management. Find earlier installments of this series here.
Read moreClarification from Working Party 29 on Key Breach Notification Terms
On November 28, 2017, the Article 29 Working Party (WP29) closed its public consultation period for WP250, guidance issued by the European advisory body on personal data breach notifications to supervisory authorities and data subjects under the GDPR.
Read moreIncreasing Privacy Technology Investments and Other Takeaways from the 2017 IAPP-EY Annual Governance Report
Last month during the annual Privacy.Security.Risk. event, the IAPP released the results of the 2017 IAPP-EY Annual Governance Report. We always look forward to this report, now in its third year, having now compiled survey responses provided by nearly 600 privacy professionals across the globe. The findings have been consistent with what we’re hearing from […]
Read moreUpcoming Webinar: GDPR and Incident Response
The clock is ticking – the deadline to comply with the General Data Protection Regulation (GDPR) is now less than a year away, and having an incident response plan in place and ready to implement should be a primary item on your preparation checklist. With notification timelines of 72 hours, and fines that could reach 4% of […]
Read moreIAPP Matchup: The Philippines’ Data Privacy Act and the General Data Protection Regulation
This article By Alex Wall, CIPP/E, CIPP/US, CIPM, was originally published in the IAPP Privacy Tracker.
Read more