Originally envisaged as a convenient way to store web data, cookies emerged as a powerful marketing tool in the 2000s. For many years, digital marketers relied on cookies for data collection. However, in recent history, new privacy laws, browser features, and plug-ins have changed the landscape of data collection. Marketers have had to develop tools and strategies to ensure they meet compliance as the internet becomes more and more cookieless.

The General Data Protection Regulation Act (GDPR) requires Data Controllers to establish a written agreement with the Data Processor stating the terms and conditions for the data processing activity. So, before getting into a contract with the Data Processor, a Data Processing Agreement must be signed between both parties regarding the conduct of processing personal data.

The era we live in requires the digitalization of all subjects interacting with people, from giant companies to small-scale organizations. It is unquestionable that this trend has made significant contributions to the data collection process. But the larger the volume of data collected, the greater the risk of a security breach. For this reason, it is essential to control the security and transparency of personal data.

This is the third post in the Threat-Based Methodology blog series. In the first post, we introduced Threat Based Methodology and the analysis conducted by the FedRAMP PMO and NIST. In that post, we ended by listing the top seven controls based on their Protection Value. The second post explored configuration settings in greater depth and explained how Devo supports the ability to meet the CM-6 control.

The team at Reciprocity recently conducted a live poll and asked our audience, “Are you currently using your compliance program to guide your risk management program?” Here’s what our respondents said...

The DoD or Department of Defense of the United States of America implements the CMMC or Cybersecurity Maturity Model Certification to standardize or normalize the overall preparedness for cybersecurity across the DIB (Defense Industrial Base) of the federal government against evolving threats.

Our VP for Data Ethics & Governance, Sophie Chase-Borthwick, was recently part of a panel – the PICCASO Special Interest Group. Sophie joined William Malcolm (Privacy Legal Director at Google), Radha Gohil (Data Ethics Strategy Lead at Shell), and Anne Woodley (Security Specialist at Microsoft) in untangling what data ethics actually means and how best to support it. Here we look at this in more detail.

Businesses are constantly adapting to changing circumstances. Yet, many are strapped for resources and view compliance as nothing more than a checklist of requirements to satisfy regulators or auditors which could short-change their business. At the same time, the pandemic has highlighted the necessity of risk management for every organization, and exposed the gaps that exist in many governance, risk, and compliance (GRC) programs today.

PCI DSS Compliance in Dubai for businesses dealing with payment card data is given great importance and priority. PCI DSS Compliance is a global payment card data security standard established in the online payment industry. It is a standard created and adopted by major card brands (Visa, Mastercard, Discover, American Express, and JCB) to promote secure card transactions in the industry. So, businesses that deal with these credit card brands need to ensure compliance with PCI DSS.

The Payment Card Industry Security Standard Council (PCI SSC) for the benefit of customers, cardholders, and other stakeholders of the industry established a stringent payment card security standard known as PCI DSS. Payment Card Industry Data Security Standard is a framework designed and developed to protect sensitive card data in the environment. The payment security standard is a comprehensive framework that outlines 12 requirements that organizations are expected to meet to ensure compliance.