More results...
Getting a startup through a SOC 2 audit has long meant months of manual evidence collection, policy writing, and repeated back-and-forth with auditors. A growing number of compliance platforms have moved to automate parts of that process, and Comp AI i…
By Brett Candon, VP International at Dropzone AITrust has always been critical in security operations, but in the UK and Europe it carries significant regulatory weight. GDPR, NIS2 and similar related data‑protection frameworks shape far more than lega…
The Cisco 2026 Data and Privacy Benchmark shows the urgent need to move towards agile data governance to meet the realities of AI and enable businesses to keep pace with rapid technological change.
A poorly secured wristband system used at a Carlsberg exhibition allowed access to visitor photos, videos, and full names. Attempts to report the issue were ignored for months.
UK’s ICO fines LastPass £1.2M for the 2022 data breach that exposed 1.6 million users’ data. Learn how a flaw in an employee’s personal PC led to the massive security failure.
Privacy laws have expanded around the world, and security leaders now work within a crowded field of requirements. New research shows that these laws provide stronger rights and duties, but the protections do not always translate into reductions in har…
Under the GDPR (General Data Protection Regulation), a lawful basis must be documented when organisations process personal data. But what is a lawful basis for processing? Do you always need individuals’ consent to process their data? And what exactly are ‘legitimate interests’? We answer those questions and others in this blog. What is a lawful basis? According to Article 6 of the GDPR, a lawful basis is necessary whenever organisations process personal data. It outlines six bases that organisations can choose from, depending on the circumstances: 1) If the data subject gives their explicit consent or if the processing is
The post The GDPR’s Six Lawful Bases For Processing – With Examples appeared first on IT Governance Blog.
Discover why reliability, scalability, and local support matter more than cost when choosing Australian web hosting for your tech stack.
Proposed changes to AI Act would make it easier for tech firms to use personal data to train models without consentThe European Commission has been accused of “a massive rollback” of the EU’s digital rules after announcing proposals to delay central pa…
Most GDPR (General Data Protection Regulation) breaches arise from everyday slip-ups, such as missing DSAR (data subject access request) deadlines, picking the wrong lawful basis for processing, failing to enforce retention periods, keeping inadequate records or misreporting incidents. However, fall short of your compliance obligations – for whatever reason – and you face complaints, investigations, reputational harm, legal action and regulatory enforcement, including fines of up to £17.5 million under the UK GDPR or €20 million under the EU GDPR, or 4% of your annual global turnover – whichever is greater. This blog post sets out five common GDPR compliance
The post 5 common GDPR mistakes – and how training can fix them appeared first on IT Governance Blog.