What is a Data Processing Agreement in GDPR?

Central to data protection in the EU is the GDPR and its data processing regulation. One of the most challenging aspects of GDPR is adjudicating the relationships between different parties handling data for various purposes–namely, relationships between managed service providers and the various, nebulous groups of organizations that use data for their daily operations.  In… Read More

GDPR Article 32 and the Security of Processing

The General Data Protection Regulation (GDPR) is one of the strongest security and privacy frameworks in operation in the world. Of this regulation, Article 32 stands out among its numerous guidelines as it deals explicitly with the “security of processing” of personal data. This piece aims to demystify GDPR Article 32, breaking down its requirements… Read More

GDPR and Transference of Data to Non-EU Jurisdictions

GDPR governs data privacy in the EU, and organizations on both sides of the Atlantic are grappling with its intricacies.  However, understanding the ins and outs of GDPR, particularly its provisions around international data transfers, can take time and effort. To further complicate matters, the Schrems II decision invalidated the EU-US Privacy Shield Framework and… Read More

Complying with GDPR Requirements and the Europrivacy Certification Mechanism

GDPR certification is quickly becoming a topic of concern for enterprise businesses worldwide. With news of Meta’s record-breaking $1.3B fine from the European Union, companies are learning that data privacy and compliance in the EU is no joke. This article will dig into GDPR to discuss how organizations can approach their security and privacy with best… Read More

How Can Managed Service Providers Handle GDPR Regulations?

The General Data Protection Regulation (GDPR) has fundamentally transformed the data protection landscape for organizations operating within the European Union. Managed Service Providers, essential partners for many businesses, must also carefully navigate GDPR compliance to protect their clients’ data and maintain trust. Understanding the implications of GDPR on MSPs and their services is vital for… Read More

ISO 27701 and Conformance with Privacy Information Management (Part 4)

As previously discussed, ISO/IEC 27701 is a comprehensive international standard that provides specific privacy guidelines for organizations attempting to meet additional standards for handling PII in line with jurisdictions like GDPR. This document aligns ISO-compliant organizations with PII-focused standards by implementing Privacy Information Management Systems (PIMS). So far, we’ve covered how ISO 27701 refines ISO… Read More

ISO 27701 and Conformance with Privacy Information Management (Part 3)

We’ve previously discussed ISO 27701 and how it refines two essential security standards and control libraries (ISO 27001 and ISO 27002). But, the entire purpose of ISO 27701 is to align IT systems with privacy requirements found under GDPR.  Here, we’ll discuss the third section of this document that defines additional guidelines for organizations acting… Read More

ISO 27701 and Conformance with Privacy Information Management (Part 2)

The International Organization for Standardization wrote ISO 27701 to align the standards of the ISO 27001 series with privacy-based standards like GDPR and CCPA. As such, it addresses the core requirements of that standard and refines them so that organizations don’t have to fumble in the dark about adapting their existing ISO certifications to larger… Read More

What Is the Europrivacy Hybrid Certification Model?

GDPR has needed a centralized assessment and certification model for some time now. Still, with the plethora of certifications and standards covering different business contexts, there has yet to be a single approach that has risen to the top of the heap. However, the governing bodies of GDPR have authorized the new Europrivacy standard to… Read More

What Are GDPR Penalties?

Have you noticed the increasingly-complex cookie disclosure forms popping up on even the most unassuming website? These expanded forms aren’t present because digital businesses have suddenly decided informing customers about their data collection practices is an ethical imperative. Instead, these companies are most likely working with customers in both the U.S. and the EU, and… Read More