Search Results for: gdpr

GDPR: How EU Enforcement Works and Doesn’t Work

For non-EU-based companies, preparing for the new EU privacy law GDPR – the General Data Protection Regulation – can be stressful the first time around, and the threat of fines up to 4% of annual sales isn’t making it any better. The fact that you don’t fully know what kind of information your company and… Read more »

Data Privacy & GDPR

When we talk about data privacy, compliance is a journey, not an end state. In the world of cybersecurity compliance, GDPR is the asteroid hurtling towards Earth. U.S. cybersecurity firm Sera-Brynn prepares to help industry avoid billions and billions in fines. Our advisory teams focus on action items that manage the risk. We recommend four phases… Read more »

GDPR Privacy by Design and by Default

“The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC and was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens data privacy and to reshape the way organizations across the region approach data privacy.” – Privacy and greater control of data on EU citizens,… Read more »

GDPR Data Protection Officer – Do I Need One?

The short answer is a designated Data Protection Officer (DPO) is not mandatory for all organizations. Which of course begs the question “What organizations do require one?” A DPO is mandatory wherever the data processing is carried out by a public authority or a company (controller or processor) whose core activities consist of processing operations… Read more »

Who Enforces GDPR Compliance?

One of the most talked about aspects of GDPR is GDPR compliance and non-compliance fines. They can be extraordinarily high – some as much as 4% of a business’ global revenue, or €20,000,000 whichever is higher. What’s not often discussed is how the GDPR regulation is going to be enforced – who is it that… Read more »

GDPR – What is it and how does it Affect my Business?

What is GDPR? The European Union’s (EU) General Data Protection Regulation (GDPR) was developed in order to address the modern challenges of data protection and privacy concerns for citizens of the EU’s member states. Prior to GDPR, the EU had the Data Protection Act of 1998. This legislation is out of date with respect… Read more »

Cybersecurity Training Is Not Optional…Unless You Are in the House

Congressional Cybersecurity Training Resolution will mandate training for elected officials. Cybersecurity risk management is about understanding why you are a target, how you will be attacked, and the fallout if an attack is successful. Election security is a big deal. Right now, Florida is trying to get a handle on exactly who might have been… Read more »

Data Security under the California Consumer Privacy Act: Instructions Not Included

“Reasonable security.” If you’re a California business, this is what’s generally expected of you (e.g., Cal. Civ. Code § 1798.81.5). If you collect personal data, you are expected to secure it. But what’s the right level of cybersecurity under the California Consumer Privacy Act of 2018 (CCPA)? Are specific frameworks recommended? Let’s wade into the… Read more »