GDPR Fundamentals: Data Subject Rights

by Mark Hinely / April 5, 2023

 GPDR is such a revolutionary law because its focus is so heavily on the data subjects and protects personal data not only in the shape of security, but also in privacy. The law actually gives data subjects seven rights, outlines in Chapter 3. These seven rights of data subjects ensure transparency between data subjects and those organizations that are processing their personal data and include: Right to access Right…

How to Read Your Vendor’s SOC 1 or SOC 2 Report

by Sarah Harvey / June 13, 2023

Most organizations outsource some aspect of their business to vendors, whether it’s to perform a specific, integral task or replace an entire business unit. Vendors can be in roles like customer support, financial technology, record storage, software development, or claims processing. Using vendors can further an organization’s business objectives, enable them to function more effectively, and may be more cost-efficient. With all these opportunities, organizations must remain aware of the…

GDPR Fundamentals: The Basics of the Law

by Mark Hinely / April 5, 2023

 Have you been clicking “Accept” on a lot more sites asking for consent to use cookies? Did you receive a flood of updated privacy policies from brands you are subscribed to? Have you noticed that companies who’ve been recently breached are giving out a lot more information about the event than they normally would? There is a reason for all of this, and it’s GDPR. What is GDPR? Born…

GDPR Readiness: How GDPR Impacts Privacy Policies

by Sarah Harvey / July 12, 2023

Privacy Policies and GDPR Since GDPR has become enforceable, the impact of the law on privacy policies has been quite noticeable. Did you receive an influx of emails from your favorite companies notifying you of updates to their privacy policies? In an effort to create GDPR-compliant privacy policies, many organizations rushed to meet the May 25th, 2018 enforcement deadline. But what are some of the mistakes these companies are making while…

What NY CRR 500 Means for Vendor Compliance Management

by Sarah Harvey / December 16, 2022

NY CRR 500 and Vendor Compliance In March 2017, the New York State Department of Financial Services Cybersecurity Requirements Regulation for Financial Services Companies Part 500 (NY CRR 500) of Title 23 went into effect, establishing new cybersecurity requirements for financial services companies. NY CRR 500 requires that financial services companies (covered entities) develop a cybersecurity program that protects the confidentiality, integrity, and availability of sensitive customer information and information…