"The General Data Protection Regulation (Regulation (EU) 2016/679, abbreviated GDPR) is a European Union regulation on Information privacy in the European Union (EU) and the European Economic Area (EEA)."
Regulations and laws concerning data privacy and security that apply to businesses. Examples include HIPAA, GDPR and CCPA.
General Data Protection Regulation (GDPR): The GDPR is a set of legal requirements that govern the handling of data for businesses operating in the European Union.
Data Privacy: Data privacy refers to the concept that individuals have the right to control the use of their personal data.
Data Security: Data security refers to the practices that businesses follow to protect their data from unauthorized access or loss.
Cybersecurity: Cybersecurity is the practice of protecting computer systems and networks from theft or damage to their hardware and software.
Information Security Management Systems (ISMS): ISMS is a framework used to manage and protect businesses' sensitive data and information.
Risk Management: Risk management is the process of identifying, assessing, and mitigating risks that could affect a business's operations.
Incident Response Planning: Incident response planning outlines the procedures that businesses follow in the event of a data breach or cyber attack.
Privacy Policies: Privacy policies are legal documents that outline how businesses handle personal data.
Cloud Security: Cloud security refers to the protection of data stored in cloud-based systems, which are often used by businesses to store and access data remotely.
Encryption: Encryption is the process of converting plain text data into a coded format to protect it from unauthorized access.
Access Control: Access control is the practice of limiting access to sensitive information based on roles, responsibilities, and user permissions.
Identity and Access Management (IAM): IAM is a framework used to manage user access to sensitive information in a secure and controlled manner.
Data Retention Policies: Data retention policies are legal documents that outline how long a business must retain specific types of data.
Cyber Insurance: Cyber insurance is a type of insurance that businesses can purchase to protect against losses due to cyber attacks or data breaches.
Penetration Testing: Penetration testing is the practice of testing a business's IT infrastructure to identify vulnerabilities that could be exploited by attackers.
General Data Protection Regulation (GDPR): A comprehensive privacy regulation governing the collection, processing, and storage of personal data of individuals located in the European Union.
California Consumer Privacy Act (CCPA): A privacy regulation that sets out the rights of California residents with respect to their personal data, including the right to access, delete, and opt-out of the sale of their data.
Health Insurance Portability and Accountability Act (HIPAA): A US federal law that regulates the privacy and security of protected health information (PHI) held by healthcare providers, insurers, and other healthcare entities.
Payment Card Industry Data Security Standards (PCI-DSS): A set of security standards developed by major credit card companies to protect against credit card fraud and ensure the secure processing of cardholder data.
Personal Information Protection and Electronic Documents Act (PIPEDA): A Canadian federal law that regulates the collection, use, and disclosure of personal information by private sector organizations.
Sarbanes-Oxley (SOX) Act: A US federal law that sets out requirements for corporate governance and financial reporting to protect against fraud and misconduct.
Children's Online Privacy Protection Act (COPPA): A US federal law that regulates the online collection of personal information from children under the age of 13.
Computer Fraud and Abuse Act (CFAA): A US federal law that criminalizes a wide range of computer-related offenses, including hacking, data theft, and cyberstalking.
European Union Network and Information Security Directive (NIS Directive): A cybersecurity regulation that sets out requirements for the security of network and information systems in critical infrastructure sectors.
Federal Information Security Modernization Act (FISMA): A US federal law that establishes security requirements for federal information technology systems and sets out reporting requirements for federal agencies on cybersecurity incidents.
Gramm-Leach-Bliley Act (GLBA): A US federal law that regulates the collection and use of personal financial information by financial institutions and imposes requirements for protecting that information.
Data Dividend Project: A proposed US regulation that would give people the right to control their personal data and receive financial compensation from companies that profit from their data.
Personal Data Protection Act (PDPA): A Singaporean law that regulates the collection, use, and disclosure of personal data by organizations.
Cybersecurity Information Sharing Act (CISA): A US federal law that encourages the sharing of cybersecurity threat information between the government and the private sector.
Cybersecurity and Infrastructure Security Agency (CISA): An agency within the US Department of Homeland Security that works to protect the nation's critical infrastructure from cyber threats.
"The GDPR's goals are to enhance individuals' control and rights over their personal information and to simplify the regulations for international business."
"It also governs the transfer of personal data outside the EU and EEA."
"It supersedes the Data Protection Directive 95/46/EC and, among other things, simplifies the terminology."
"The European Parliament and Council of the European Union adopted the GDPR on 14 April 2016, to become effective on 25 May 2018."
"Because the GDPR is a regulation, rather than a European Union directive, it is directly binding and applicable, and it provides flexibility for individual member states to modify some provisions of the GDPR."
"The regulation became a model for many other laws around the world, including in Turkey, Mauritius, Chile, Japan, Brazil, South Korea, South Africa, Argentina, and Kenya."
"As of 6 October 2022, the United Kingdom enacted its own law identical to the GDPR despite no longer being an EU member state."
"The California Consumer Privacy Act (CCPA), adopted on 28 June 2018, has many similarities with the GDPR."
"The GDPR is an important component of EU privacy law and human rights law, in particular Article 8(1) of the Charter of Fundamental Rights of the European Union."
"The GDPR is an important component of EU privacy law and human rights law, in particular Article 8(1) of the Charter of Fundamental Rights of the European Union."
"The GDPR's goals are to enhance individuals' control and rights over their personal information and to simplify the regulations for international business."
"The GDPR's goals are to enhance individuals' control and rights over their personal information."
"The General Data Protection Regulation (Regulation (EU) 2016/679, abbreviated GDPR) is a European Union regulation on Information privacy in the European Union (EU) and the European Economic Area (EEA)."
"It also governs the transfer of personal data outside the EU and EEA."
"The European Parliament and Council of the European Union adopted the GDPR... to become effective on 25 May 2018."
"Because the GDPR is a regulation, rather than a European Union directive, it is directly binding and applicable, and it provides flexibility for individual member states to modify some provisions of the GDPR."
"It supersedes the Data Protection Directive 95/46/EC and, among other things, simplifies the terminology."
"The regulation became a model for many other laws around the world, including in Turkey, Mauritius, Chile, Japan, Brazil, South Korea, South Africa, Argentina, and Kenya."
"The California Consumer Privacy Act (CCPA), adopted on 28 June 2018, has many similarities with the GDPR."