On January 10, 2025, the French Supervisory Authority (CNIL) imposed a fine of €240,000 on Kaspr, a data enrichment and lead generation tool, for unlawful data scraping activities. This enforcement action, highlighted by the European Data Protection Board (EDPB), underscores regulators’ increasing attention on how companies harvest and reuse
regulatory penalties
Data breach fines can reach up to 4% of global revenue under regulations like GDPR, LGPD, and PIPL. This analysis examines fine determination factors, compliance requirements, and evolving trends including personal liability, class action lawsuits, and proactive enforcement.
On January 20, 2025, Acting Secretary of the Department of Homeland Security (DHS), Benjamine Huffman, issued a memorandum terminating all current memberships on DHS advisory committees, including the Cyber Safety Review Board (CSRB). This decision aligns with the Trump administration's initiative to eliminate what it deems as "
The Cyber Solidarity Act (Regulation (EU) 2025/38), published on January 15, 2025, represents a landmark moment in strengthening the European Union's cybersecurity posture. This regulation addresses the rising tide of cyber threats and lays the groundwork for a resilient digital Europe. EUSolidarityactEUSolidarityact.pdf1 MBdownload-circle Key Highlights 1️
The Executive Order on Strengthening and Promoting Innovation in the Nation’s Cybersecurity, signed by President Biden on January 16, 2025, is a comprehensive document outlining various measures aimed at bolstering cybersecurity across the United States. BidenEOCyberBidenEOCyber.pdf205 KBdownload-circle Key points include: 1. Enhancing Accountability for Software Providers: * Requirements for
This past year was another jam-packed one for privacy teams. With an onslaught of new and updated state laws, regulatory guidance, and enforcement actions, it has been difficult to stay on top of every development. However, distilling these legal, regulatory, and litigation trends into concrete focus areas and actionable steps
The EU General Court has issued a significant ruling regarding data privacy violations involving the European Commission. Here's an overview of the case: In 2021 and 2022, a German citizen accessed the "Conference on the Future of Europe" website, which utilized the EU Login system. The
GDPR enforcement
December 2024 saw significant GDPR penalties including OpenAI's €15M fine for reporting failures, Netflix's €4.75M penalty for inadequate privacy notices, and Meta's ongoing compliance challenges. This analysis extracts actionable lessons from each case to strengthen your privacy program.
As 2025 approaches, the regulatory landscape for cybersecurity is set to become more complex and demanding. With new standards and directives being introduced globally, Chief Compliance Officer (CCO) / Chief Information Security Officers (CISOs) face the challenge of staying ahead of compliance requirements while protecting their organizations against evolving threats. In
In an era where data breaches and digital espionage are front-page news, the need to safeguard Americans’ personal data from foreign adversaries has reached a critical juncture. Policymakers from both major parties have explored legislative solutions to strengthen protections for U.S. citizens against potential foreign surveillance and data exploitation.
Navigating the complex world of Governance, Risk, and Compliance (GRC) requires a solid foundation of knowledge, particularly in cybersecurity and enterprise risk management. The National Institute of Standards and Technology (NIST) has long been a beacon of guidance, offering a wealth of resources tailored to help organizations strengthen their security
In the ever-evolving digital landscape, Meta (formerly Facebook) stands as a titan, its influence extending far beyond the realm of social media. But with this immense power comes a profound responsibility – one that Meta has often struggled to uphold. The company's relentless pursuit of data, its foray into