Why Encrypted File Sharing Is Essential for Modern Businesses
Consider the history of any recent corporate scandal, and it is quite possible to guess what the story…
GDPR
145 AI laws passed in 2025 and privacy teams aren’t catching a break
145 AI-related laws were enacted by state legislatures in 2025, and more than 1,000 additional bills were introduced or revised, according to DataGrail’s Privacy and AI Trends Report 2026. Average cost of manual data subject request management (S…
A study of 1,000 Android apps finds a privacy policy logging gap
Android developers write log statements for the same reasons they always have: debugging crashes, tracing performance issues, and understanding how features behave in production. Legal and privacy teams, working from templates and regulatory checklists…
Comp AI: The open-source way to get compliant with SOC 2, ISO 27001, HIPAA and GDPR
Getting a startup through a SOC 2 audit has long meant months of manual evidence collection, policy writing, and repeated back-and-forth with auditors. A growing number of compliance platforms have moved to automate parts of that process, and Comp AI i…
Building Trust in AI SOC Analyst Solutions: A UK and EU CISO Perspective
By Brett Candon, VP International at Dropzone AITrust has always been critical in security operations, but in the UK and Europe it carries significant regulatory weight. GDPR, NIS2 and similar related data‑protection frameworks shape far more than lega…
Modernising Data Rules for Europe’s AI Future
The Cisco 2026 Data and Privacy Benchmark shows the urgent need to move towards agile data governance to meet the realities of AI and enable businesses to keep pace with rapid technological change.
Carlsberg Event Wristband Leaked PII, Researcher Told Not to Disclose
A poorly secured wristband system used at a Carlsberg exhibition allowed access to visitor photos, videos, and full names. Attempts to report the issue were ignored for months.
UK’s ICO Fine LastPass £1.2 Million Over 2022 Security Breach
UK’s ICO fines LastPass £1.2M for the 2022 data breach that exposed 1.6 million users’ data. Learn how a flaw in an employee’s personal PC led to the massive security failure.
What 35 years of privacy law say about the state of data protection
Privacy laws have expanded around the world, and security leaders now work within a crowded field of requirements. New research shows that these laws provide stronger rights and duties, but the protections do not always translate into reductions in har…
The GDPR’s Six Lawful Bases For Processing – With Examples
Under the GDPR (General Data Protection Regulation), a lawful basis must be documented when organisations process personal data. But what is a lawful basis for processing? Do you always need individuals’ consent to process their data? And what exactly are ‘legitimate interests’? We answer those questions and others in this blog. What is a lawful basis? According to Article 6 of the GDPR, a lawful basis is necessary whenever organisations process personal data. It outlines six bases that organisations can choose from, depending on the circumstances: 1) If the data subject gives their explicit consent or if the processing is
The post The GDPR’s Six Lawful Bases For Processing – With Examples appeared first on IT Governance Blog.